CVE-2024-36077
📋 TL;DR
CVE-2024-36077 is a privilege escalation vulnerability in Qlik Sense Enterprise for Windows that allows remote attackers to elevate their privilege to the internal system role, which may lead to remote code execution on the server. Affected builds span multiple release series from May 2022 through February 2024, each fixed at a specific patch level.
💻 Affected Systems
- Qlik Sense Enterprise for Windows
⚠️ Manual Verification Required
This CVE's database entry identifies affected builds by release series and patch level rather than by a numeric version range, so automatic vulnerability detection cannot determine whether your system is affected.
Why? No machine-readable version ranges are provided by the vendor/NVD; the affected and fixed patch levels are listed per release series in the vendor advisory.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining administrative control over the Qlik Sense server, enabling data theft, lateral movement, and persistent backdoor installation.
Likely Case
Unauthorized access to sensitive business intelligence data, manipulation of analytics dashboards, and potential ransomware deployment.
If Mitigated
Limited impact if network segmentation restricts Qlik Sense servers from critical infrastructure and proper access controls are in place.
🎯 Exploit Status
No public exploit is known. The vendor description characterizes the issue as exploitable by remote attackers to reach the internal system role, which can lead to remote code execution. Do not assume an attacker first needs a foothold in the environment; treat any Qlik Sense proxy reachable from untrusted networks as exposed until patched.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 14.187.4 (May 2024 release) or the fixed patch level listed in the advisory for each earlier release series
Vendor Advisory: https://community.qlik.com/t5/Official-Support-Articles/High-Severity-Security-fixes-for-Qlik-Sense-Enterprise-for/ta-p/2452509
Restart Required: Yes
Instructions:
1. Identify your current Qlik Sense version and release series.
2. Download the appropriate patch for that series from Qlik's official support portal.
3. Apply the patch following Qlik's installation documentation.
4. Restart the Qlik Sense services.
5. Verify the patch was successfully applied by checking the version in the Qlik Management Console.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to Qlik Sense servers to only authorized users and systems
Access Control Hardening
Implement strict role-based access control and monitor for privilege escalation attempts
🧯 If You Can't Patch
- Implement network segmentation to isolate Qlik Sense servers from critical infrastructure
- Enable detailed logging and monitoring for privilege escalation attempts and unusual administrative activities
🔍 How to Verify
Check if Vulnerable:
Check the Qlik Sense version via the Qlik Management Console (QMC) or by examining installed programs in Windows Control Panel (Programs and Features), then compare it with the affected patch levels for your release series
Check Version:
Check Qlik Management Console or examine registry at HKEY_LOCAL_MACHINE\SOFTWARE\QlikTech\Sense\Server
Verify Fix Applied:
Verify the version number is at or above the fixed patch level for your release series as listed in the advisory (14.187.4 for the May 2024 series); a lower number in an older series is not necessarily unpatched
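The check above, as an added PowerShell example (not from the original page or from Qlik): it reads the installed Qlik Sense product version from the Windows installer registry keys, falls back to the file version of the engine binary, and compares the result against a fixed build. The uninstall-key search and the Engine.exe path are assumptions about a default installation; the 14.187.4 baseline is the May 2024 build named in the advisory, and for an earlier release series you must pass that series' fixed patch level instead.

```powershell
# Added example: compare the installed Qlik Sense Enterprise for Windows build
# against a fixed build from the advisory. Registry and file locations are
# assumptions about a default install; adjust them for your environment.

$DefaultFixedBuild = [version]'14.187.4'   # May 2024 series baseline from the advisory

function Get-QlikSenseVersion {
    # Prefer the Windows installer's record of the product (both 64-bit and 32-bit views).
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entry = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Qlik Sense*' -and $_.DisplayVersion } |
        Select-Object -First 1
    if ($entry) {
        try { return [version]$entry.DisplayVersion } catch { }
    }

    # Fall back to the engine binary's file version (assumed default install path).
    $engine = 'C:\Program Files\Qlik\Sense\Engine\Engine.exe'
    if (Test-Path $engine) {
        $fileVersion = (Get-Item $engine).VersionInfo.FileVersion
        try { return [version]$fileVersion } catch { }
    }
    return $null
}

function Test-QlikSensePatched {
    param(
        [version]$Installed,
        # Pass the fixed patch level for YOUR release series from the advisory;
        # the default only applies to the May 2024 series.
        [version]$Fixed = $DefaultFixedBuild
    )
    if (-not $Installed) { return $null }   # unknown: product not found
    return $Installed -ge $Fixed
}

$installed = Get-QlikSenseVersion
if (-not $installed) {
    Write-Warning 'Qlik Sense Enterprise for Windows not detected on this host.'
} else {
    $patched = Test-QlikSensePatched -Installed $installed
    Write-Output ("Installed build: {0}  Patched (vs {1}): {2}" -f $installed, $DefaultFixedBuild, $patched)
}
```

Run it in an elevated PowerShell session on the Qlik Sense node. A `False` result for a server on an older release series only means it is below 14.187.4; rerun with `-Fixed` set to that series' fixed patch level from the advisory (for example the November 2023 or August 2023 patch listed there) before treating the host as unpatched.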
📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation events
- Unexpected system role assignments
- Suspicious command execution patterns
Network Indicators:
- Unusual administrative traffic to Qlik Sense servers
- Anomalous authentication patterns
SIEM Query (illustrative; the source name and field names are placeholders to be mapped onto your Qlik Sense log schema):
source="qlik_sense" AND (event_type="privilege_escalation" OR user_role_changed="system_role")