CVE-2024-55579
📋 TL;DR
This vulnerability in Qlik Sense Enterprise for Windows allows an unprivileged user with network access to create connection objects that cause arbitrary EXE files to be executed on the server, which amounts to remote code execution under the Qlik Sense service account. It affects installations running below the fixed patch level of their release branch. Fixes ship for every supported branch from February 2023 through November 2024 IR.
💻 Affected Systems
- Qlik Sense Enterprise for Windows
⚠️ Manual Verification Required
This CVE does not have affected-version ranges in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE entry names the patch releases that contain the fix but provides no affected version ranges (no CPE ranges from the vendor/NVD), so version matching has to be done by hand against your release branch and patch level.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network.
Likely Case
A low-privileged user, or an attacker who has obtained such an account, executing code of their choice on the Qlik Sense server under the service account and escalating from there.
If Mitigated
Limited impact if proper network segmentation and access controls prevent unprivileged users from reaching vulnerable systems.
🎯 Exploit Status
The description speaks of an unprivileged user with network access, that is, a low-privileged authenticated user of the deployment rather than an unauthenticated attacker; any account that can log in and create connection objects is in scope. The description suggests straightforward exploitation: create a connection object that points at an EXE of the attacker's choosing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, or February 2023 Patch 15
Vendor Advisory: https://community.qlik.com/t5/Official-Support-Articles/High-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows-CVEs/tac-p/2496004
Restart Required: Yes
Instructions:
1. Identify your current Qlik Sense Enterprise for Windows release and patch level.
2. Apply the appropriate patch for that release branch from the vendor advisory.
3. Restart the Qlik Sense services or server as required.
4. Verify the patch installation.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to Qlik Sense servers to only authorized users and systems.
Connection Object Monitoring
Monitor and audit creation of connection objects, and processes spawned by the Qlik Sense engine, for suspicious activity.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Qlik Sense servers from untrusted networks.
- Apply the principle of least privilege: limit the right to create connection objects to the users who need it, and monitor for unauthorized connection object creation.
🔍 How to Verify
Check if Vulnerable:
Identify the release branch of your installation (February 2023, May 2023, August 2023, November 2023, February 2024, May 2024 or November 2024) and its patch level. If the patch level is below the fixed patch listed for that branch, the system is vulnerable. Compare within the branch only: a February 2024 Patch 13 install is vulnerable even though it is newer than a patched February 2023 install.
Check Version:
Check the Qlik Sense Management Console (About dialog) or read the installed product entries from the Programs and Features registry keys with PowerShell. This is preferred over Win32_Product, which triggers an MSI consistency check of every installed package and is slow: Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*', 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue | Where-Object { $_.DisplayName -like '*Qlik Sense*' } | Select-Object DisplayName, DisplayVersion
Verify Fix Applied:
Verify that the Qlik Sense version matches or exceeds one of the patched versions: November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, or February 2023 Patch 15.
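The branch-by-branch comparison described above, as an added PowerShell example (not code from this page or from Qlik). It reads the installed build from the registry and checks it against a table with one fixed build per release branch. All numeric branch and build values in the table are constructed placeholders: the page only names the fixed releases, so take the real Major.Minor.Build of each from the vendor advisory or the QMC About dialog before trusting the verdict.

```powershell
# Added example, not from this page or from Qlik: is the installed Qlik Sense Enterprise for
# Windows build at or above the fixed patch level of its OWN release branch?
# The product entries come from the Programs and Features registry keys rather than
# Win32_Product, which triggers an MSI consistency check of every installed package.
#
# ASSUMPTION: every Branch and Fixed value below is a constructed placeholder. Fill one row
# per release named in the fix with the real numbers from the vendor advisory. What matters
# is the shape: the fix is per branch, so a newer branch at a lower patch is still vulnerable.
$FixedBuilds = @(
    @{ Release = 'February 2023 Patch 15'; Branch = '14.97';  Fixed = [version]'14.97.900'  }   # placeholder numbers
    @{ Release = 'February 2024 Patch 14'; Branch = '14.159'; Fixed = [version]'14.159.900' }   # placeholder numbers
    @{ Release = 'November 2024 IR';       Branch = '14.187'; Fixed = [version]'14.187.1'   }   # placeholder numbers
    # ... add May 2023, August 2023, November 2023 and May 2024 rows the same way
)

function Get-QlikSenseInstall {
    # Enumerate uninstall entries from both the 64-bit and the 32-bit registry views.
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Qlik Sense*' -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion, InstallDate
}

function Test-QlikSensePatched {
    param(
        [Parameter(Mandatory)][string]$InstalledVersion,     # e.g. '14.97.2' from DisplayVersion
        [Parameter(Mandatory)][hashtable[]]$FixedBuilds
    )
    $v      = [version]$InstalledVersion
    $branch = '{0}.{1}' -f $v.Major, $v.Minor                # Major.Minor identifies the release branch (assumption)
    $entry  = $FixedBuilds | Where-Object { $_.Branch -eq $branch } | Select-Object -First 1
    if (-not $entry) {
        # Branch not in the table: newer than the newest fixed release, or an unsupported
        # branch that received no fix. Either way a human has to decide; do not report "patched".
        return [pscustomobject]@{ Version = $InstalledVersion; Branch = $branch; Release = '-'; Status = 'Unknown branch: check advisory' }
    }
    $status = if ($v -ge $entry.Fixed) { 'Patched' } else { "Vulnerable: apply $($entry.Release)" }
    [pscustomobject]@{ Version = $InstalledVersion; Branch = $branch; Release = $entry.Release; Status = $status }
}

# Constructed sample versions that exercise all three outcomes (vulnerable, patched, unknown branch),
# then the real installation, if this host has one.
'14.97.2', '14.97.900', '14.159.950', '15.1.0' |
    ForEach-Object { Test-QlikSensePatched -InstalledVersion $_ -FixedBuilds $FixedBuilds }
Get-QlikSenseInstall |
    ForEach-Object { Test-QlikSensePatched -InstalledVersion $_.DisplayVersion -FixedBuilds $FixedBuilds }
```

The [version] comparison is what keeps the check honest: it compares each numeric component rather than the string, so '14.97.900' is correctly greater than '14.97.2', and the explicit "unknown branch" outcome stops an unsupported or unlisted branch from being silently reported as safe.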
📡 Detection & Monitoring
Log Indicators:
- Unusual connection object creation events
- Execution of unexpected EXE files from connection objects
- Authentication logs showing unauthorized access attempts
Network Indicators:
- Network traffic to Qlik Sense servers from unexpected sources
- Suspicious outbound connections following connection object creation
SIEM Query:
Illustrative only: the source and field names below depend on how your Qlik Sense logs are ingested and must be mapped to your schema. Two log sources matter. Creation of connection objects is recorded by the Repository service audit logs under %ProgramData%\Qlik\Sense\Log\Repository on the server; an EXE launched through such an object shows up in process-creation telemetry (for example Sysmon Event ID 1 or Windows Security event 4688) as a child of the Qlik Sense engine process, Engine.exe.
source="qlik_sense_logs" AND (event_type="connection_object_creation" OR process_execution="*.exe")
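The process-creation side of the detection described above, as an added PowerShell example (not code from this page or from Qlik): flag any process spawned by Engine.exe whose image is not in an allowlist of expected Qlik locations. It assumes Sysmon process-creation logging (Event ID 1), that the engine binary is Engine.exe under C:\Program Files\Qlik\Sense\Engine\, and that legitimate connector executables live under C:\Program Files\Qlik\ or C:\Program Files\Common Files\Qlik\Custom Data\; tune the allowlist to your install. The sample events, user name and connector path are constructed for offline testing.

```powershell
# Added example, not from this page or from Qlik: hunt for unexpected child processes of the
# Qlik Sense engine. A connection object that launches an arbitrary EXE, as this CVE describes,
# appears as a process whose parent is Engine.exe and whose image is outside the Qlik install.
# ASSUMPTIONS: Engine.exe location and the allowlisted connector directories below; adjust them.
$AllowedChildPrefixes = @(
    'C:\Program Files\Qlik\',
    'C:\Program Files\Common Files\Qlik\Custom Data\'
)

function Test-SuspiciousEngineChild {
    # $Proc needs ParentImage, Image, CommandLine, User and UtcTime (Sysmon Event ID 1 field names).
    # Returns a finding object, or $null when the event is not an engine child or is allowlisted.
    param([Parameter(Mandatory)]$Proc)
    if ($Proc.ParentImage -notlike '*\Engine.exe') { return $null }
    foreach ($prefix in $AllowedChildPrefixes) {
        if ($Proc.Image.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) { return $null }
    }
    [pscustomobject]@{
        UtcTime     = $Proc.UtcTime
        User        = $Proc.User
        Image       = $Proc.Image
        CommandLine = $Proc.CommandLine
    }
}

function ConvertFrom-SysmonProcessCreate {
    # Flatten a live Sysmon Event ID 1 record (from Get-WinEvent) into the object the test expects.
    param([Parameter(Mandatory)]$Record)
    $xml  = [xml]$Record.ToXml()
    $data = @{}
    foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
    [pscustomobject]$data
}

# Constructed sample events (not real telemetry): a benign connector launch and a suspicious one.
$Samples = @(
    [pscustomobject]@{
        UtcTime     = '2024-12-01 10:00:00.000'
        User        = 'CORP\svc-qliksense'                                    # constructed service account
        ParentImage = 'C:\Program Files\Qlik\Sense\Engine\Engine.exe'
        Image       = 'C:\Program Files\Common Files\Qlik\Custom Data\ExampleConnector\ExampleConnector.exe'   # constructed
        CommandLine = '"C:\Program Files\Common Files\Qlik\Custom Data\ExampleConnector\ExampleConnector.exe"'
    }
    [pscustomobject]@{
        UtcTime     = '2024-12-01 10:05:13.000'
        User        = 'CORP\svc-qliksense'
        ParentImage = 'C:\Program Files\Qlik\Sense\Engine\Engine.exe'
        Image       = 'C:\Users\Public\update.exe'                          # not under any Qlik directory
        CommandLine = '"C:\Users\Public\update.exe"'
    }
)
# Only the second sample is reported.
$Samples | ForEach-Object { Test-SuspiciousEngineChild -Proc $_ } | Format-Table -AutoSize

# Live hunt over the last 24 hours on a Qlik Sense node with Sysmon installed:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1; StartTime = (Get-Date).AddDays(-1) } |
#     ForEach-Object { Test-SuspiciousEngineChild -Proc (ConvertFrom-SysmonProcessCreate $_) } | Format-Table -AutoSize
```

Parent-process matching is deliberately coarse: it catches an EXE dropped anywhere outside the Qlik directories regardless of its name. The trade-off is that an attacker who can write into an allowlisted directory evades it, so pair this with file-integrity monitoring of those directories and with the Repository audit logs for who created the connection object.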