CVE-2023-41265

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.

Published: Aug 29, 2023
Updated: Nov 4, 2025
CVE: CVE-2023-41265
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.6
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CWEs:

CWE-444

Affected Software
References

Software	From	Fixed in
qlik / qlik_sense	august_2022-patch_12	august_2022-patch_12.x
qlik / qlik_sense	august_2022-patch_11	august_2022-patch_11.x
qlik / qlik_sense	august_2022-patch_10	august_2022-patch_10.x
qlik / qlik_sense	august_2022-patch_9	august_2022-patch_9.x
qlik / qlik_sense	august_2022-patch_8	august_2022-patch_8.x
qlik / qlik_sense	august_2022-patch_7	august_2022-patch_7.x
qlik / qlik_sense	august_2022-patch_6	august_2022-patch_6.x
qlik / qlik_sense	august_2022-patch_5	august_2022-patch_5.x
qlik / qlik_sense	august_2022-patch_4	august_2022-patch_4.x
qlik / qlik_sense	august_2022-patch_3	august_2022-patch_3.x
qlik / qlik_sense	august_2022-patch_2	august_2022-patch_2.x
qlik / qlik_sense	august_2022-patch_1	august_2022-patch_1.x
qlik / qlik_sense	august_2022	august_2022.x
qlik / qlik_sense	november_2022-patch_10	november_2022-patch_10.x
qlik / qlik_sense	november_2022-patch_9	november_2022-patch_9.x
qlik / qlik_sense	november_2022-patch_8	november_2022-patch_8.x
qlik / qlik_sense	november_2022-patch_7	november_2022-patch_7.x
qlik / qlik_sense	november_2022-patch_6	november_2022-patch_6.x
qlik / qlik_sense	november_2022-patch_5	november_2022-patch_5.x
qlik / qlik_sense	november_2022-patch_4	november_2022-patch_4.x
qlik / qlik_sense	november_2022-patch_3	november_2022-patch_3.x
qlik / qlik_sense	november_2022-patch_2	november_2022-patch_2.x
qlik / qlik_sense	november_2022-patch_1	november_2022-patch_1.x
qlik / qlik_sense	november_2022	november_2022.x
qlik / qlik_sense	february_2023-patch_7	february_2023-patch_7.x
qlik / qlik_sense	february_2023-patch_6	february_2023-patch_6.x
qlik / qlik_sense	february_2023-patch_5	february_2023-patch_5.x
qlik / qlik_sense	february_2023-patch_4	february_2023-patch_4.x
qlik / qlik_sense	february_2023-patch_3	february_2023-patch_3.x
qlik / qlik_sense	february_2023-patch_2	february_2023-patch_2.x
qlik / qlik_sense	february_2023-patch_1	february_2023-patch_1.x
qlik / qlik_sense	february_2023	february_2023.x
qlik / qlik_sense	may_2023-patch_2	may_2023-patch_2.x
qlik / qlik_sense	may_2023-patch_1	may_2023-patch_1.x
qlik / qlik_sense	may_2023	may_2023.x
qlik / qlik_sense	may_2023-patch3	may_2023-patch3.x

Vulnerability Database

315,363

CVE-2023-41265

Deep Security Visibility Without the Complexity