[Solved] CVE-2024-48365 Qlik Sense HTTP Tunneling Vulnerability

Qlik Sense HTTP Tunneling Vulnerability CVE-2024-48365

Introduction:

In the fast-paced world of data analytics, businesses rely on tools that provide insights from large volumes of data. One such tool is Qlik Sense, an enterprise-level business intelligence (BI) and data visualization platform designed to make data more accessible, understandable, and actionable for organizations. However, like many powerful software tools, Qlik Sense has faced its own set of security challenges. A critical vulnerability, CVE-2024-48365, was recently identified in Qlik Sense that puts user data and systems at risk. In this blog post, we’ll explore what Qlik Sense is, detail the nature of the CVE-2024-48365 vulnerability, and provide insights on how to mitigate the risk and secure your environment.

 

What is Qlik?


Qlik is a leading data analytics and business intelligence (BI) platform that helps organizations harness the power of their data to make more informed decisions. Qlik Sense, a key product of Qlik, is a self-service data visualization and analytics platform that allows users to explore, analyze, and share data insights in real-time. One of its key features is its associative model, which allows users to see how different pieces of data are connected, offering more flexible and deeper insights compared to traditional BI tools.

 

Qlik Sense offers various features, including:

Data Discovery: Users can interact with data visualizations, gain insights, and make data-driven decisions.
Self-Service Analytics: With Qlik Sense, business users can create their own reports and dashboards without needing advanced technical skills.
Data Connectivity: It connects to a wide variety of data sources, such as databases, cloud services, and third-party applications, making it highly adaptable to different environments.
Collaboration: It allows users to share insights and collaborate across teams, ensuring that data-driven decisions are consistent across the organization.
Cloud and On-Premises Deployment: Qlik Sense offers flexible deployment options, allowing organizations to choose between on-premises or cloud-based implementations.
Despite its power and flexibility, like any software, Qlik Sense is vulnerable to security threats. Ensuring that the platform is properly secured is critical for organizations to protect their sensitive data.

 

What is CVE-2024-48365?


CVE-2024-48365 is a severe vulnerability found in Qlik Sense Enterprise for Windows, related to its handling of HTTP requests. This vulnerability occurs due to improper validation of HTTP headers in the Qlik Sense system. Essentially, it opens the door for malicious actors to exploit the system, allowing them to perform unauthorized actions such as remote code execution (RCE). Let’s break down the specific technical details of this vulnerability.

The Nature of the Vulnerability


The CVE-2024-48365 vulnerability is categorized as a critical security flaw that affects Qlik Sense Enterprise for Windows prior to specific patches being applied. It is an HTTP tunneling vulnerability that allows an attacker to bypass the standard security protocols and escalate privileges within the system. This can lead to significant consequences, such as:

  • Remote Code Execution (RCE): The attacker could potentially run arbitrary code on the backend server, gaining unauthorized access and control over the system.
  • Privilege Escalation: Attackers could elevate their privileges within the Qlik Sense platform, leading to unauthorized access to sensitive data and administrative functionalities.
  • Data Breach: If attackers gain control over the system, they could expose, alter, or delete critical business data, potentially leading to significant reputational and financial damage.
    The vulnerability arises because of how HTTP requests are processed, with insufficient validation and improper filtering of the data sent via these requests. This flaw enables attackers to send specially crafted HTTP requests that the system improperly processes, potentially resulting in unauthorized access and control over critical Qlik Sense components.

 

How Serious is CVE-2024-48365?


The severity of CVE-2024-48365 has been classified as critical with a CVSS v3.1 score of 9.6 out of 10. This high rating underscores the dangerous nature of the vulnerability. Exploiting this flaw would allow attackers to gain unauthorized access to the backend server without needing authentication, making it especially easy for attackers to execute their malicious actions.

The vulnerability has been added to the Cybersecurity and Infrastructure Security Agency (CISA)’s Known Exploited Vulnerabilities Catalog, signifying that it is actively being exploited in the wild. This highlights the urgency of addressing this issue for any organization using Qlik Sense.

 

How to Fix the Vulnerability?


Given the severity of CVE-2024-48365, organizations using Qlik Sense Enterprise for Windows need to take immediate action to protect their systems. The recommended approach to mitigate the risks associated with this vulnerability is to apply the relevant security patches provided by Qlik. Let’s go over the steps to ensure that your system is secure.

Step 1: Identify Your Current Version of Qlik Sense


The first step in mitigating this vulnerability is to determine whether your organization’s version of Qlik Sense is affected. The vulnerability impacts versions of Qlik Sense Enterprise for Windows released before certain security patches were made available.

If you are running any of the following affected versions, your system is vulnerable:

August 2023 Patch 1
May 2023 Patch 5
February 2023 Patch 9
November 2022 Patch 11
August 2022 Patch 13
May 2022 Patch 15
February 2022 Patch 14
November 2021 Patch 16


Step 2: Apply the Security Patches


Qlik has released several patches to address the CVE-2024-48365 vulnerability. These patches contain fixes that resolve the issue and mitigate the risk of exploitation. The affected versions should be upgraded to one of the following secure versions:

November 2023 IR
August 2023 Patch 2
May 2023 Patch 6
February 2023 Patch 10
November 2022 Patch 12
August 2022 Patch 14
May 2022 Patch 16
February 2022 Patch 15
November 2021 Patch 17
By upgrading to these versions, your system will receive the necessary updates that correct the HTTP tunneling vulnerability and protect it from exploitation.

 

Step 3: Verify the Update


Once you have applied the security patches, it is crucial to verify that the update was successful. Perform the following steps to ensure that the security fix has been implemented properly:

Check the Patch Version: Verify that your Qlik Sense system is running one of the updated versions listed above.
Run Security Scans: Use vulnerability scanning tools to ensure that there are no remaining issues in your environment.
Test the Functionality: After applying the patch, test the system to ensure that all features are working correctly and that no new issues have been introduced.


Step 4: Stay Updated


Security is an ongoing process, and vulnerabilities like CVE-2024-48365 are a reminder of how critical it is to stay on top of updates and patches. Make sure that your organization subscribes to Qlik’s security mailing list or regularly checks for updates on the official Qlik website to ensure that your systems are always up to date.

Additionally, monitor your systems for any unusual activity that might indicate an attempted exploitation of vulnerabilities. Implementing a robust security monitoring solution can help you detect and respond to security threats in real-time.

 

Conclusion


Qlik Sense is an invaluable tool for organizations looking to unlock the power of their data and make informed, data-driven decisions. However, with such powerful tools comes the responsibility to ensure that they are properly secured. The CVE-2024-48365 vulnerability is a critical security issue that requires immediate attention from organizations using Qlik Sense Enterprise for Windows. By applying the relevant security patches and following best practices for system maintenance and monitoring, organizations can protect their systems from potential exploits and continue to leverage Qlik Sense’s powerful capabilities without putting their data at risk.

In today’s fastest evolving cybersecurity environment, staying informed about vulnerabilities like CVE-2024-48365 is essential for maintaining the integrity and security of business-critical systems. By acting promptly and responsibly, organizations can minimize their exposure to security risks and maintain a secure data environment for their teams and customers.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top