WARNING: NEW VULNERABILITY IN QLIK SENSE ENTERPRISE FOR WINDOWS, PATCH IMMEDIATELY!
CVE-2024-36077:CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Sources
Risks
A security issue in Qlik Sense Enterprise for Windows has been identified, and patches have been made available. If successfully exploited, this vulnerability could lead to a compromise of the server running the Qlik Sense software, including remote code execution (RCE).
The impact on Confidentiality, Integrity and Availability is High.
Although this vulnerability has not yet been observed being exploited in the wild, previous vulnerabilities in Qlik Sense have been abused to deliver Cactus ransomware. reference: https://arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/
Urgent patching is advised!
Description
Qlik Sense Enterprise for Windows allows a remote attacker with existing privileges to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.