DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution | allinfosecnews.com

Sept. 22, 2023, 1:13 p.m. | Emmaline

Blog - Praetorian www.praetorian.com

Overview On August 29th, 2023, Qlik issued a patch for two vulnerabilities we identified in Qlik Sense Enterprise, CVE-2023-41265 and CVE-2023-41266. These vulnerabilities allowed for unauthenticated remote code execution via path traversal and HTTP request tunneling. As part of our standard operating procedure, we performed a diff of the issued patch to identify potential bypasses […]

The post DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution appeared first on Praetorian.

august bypassing code code execution cve enterprise fix http labs patch path path traversal procedure qlik qlik sense remote code remote code execution request standard tunneling unauthenticated vulnerabilities vulnerability research

More from www.praetorian.com / Blog - Praetorian

Compromising ByteDance’s RSPack using GitHub Actions Vulnerabilities 1 day, 9 hours ago | www.praetorian.com

actions attacker bytedance bytedance rspack +16

Local Privilege Escalation Vulnerability in Ant Media Server (CVE-2024-32656) 1 month ago | www.praetorian.com

ant application customers cve +21

MeshCentral Cross-Site Websocket Hijacking Vulnerability (CVE-2024-26135) 3 months ago | www.praetorian.com

article can cross-site cswsh +17

Exploiting Kubernetes through Operator Injection 3 months, 2 weeks ago | www.praetorian.com

application applications attack attackers +20

Relution Remote Code Execution via Java Deserialization Vulnerability 4 months ago | www.praetorian.com

application article can clients +26

Protected: Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack 4 months, 2 weeks ago | www.praetorian.com

attack cd security ci compromise +5

Understanding the Impact of the new Apache Struts File Upload Vulnerability 5 months, 2 weeks ago | www.praetorian.com

abuse apache apache struts bug +23

SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability 5 months, 3 weeks ago | www.praetorian.com

authentication authentication bypass bypass code +19

Analyzing the SonicWall Custom Grub LUKS Encryption Modifications 5 months, 3 weeks ago | www.praetorian.com

analysis application code code execution +17

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com