CVE-2024-55579

Q: What is the severity of CVE-2024-55579?

CVE-2024-55579 has been classified as a high severity vulnerability.

Q: How do I fix CVE-2024-55579?

To fix CVE-2024-55579, update your Qlik Sense Enterprise for Windows to the version released in November 2024 IR or apply the patches available for May 2024 Patch 10 or February 2024 Patch 14.

Q: Who is affected by CVE-2024-55579?

CVE-2024-55579 affects users of Qlik Sense Enterprise for Windows prior to November 2024 IR.

Q: What can an unprivileged user do in CVE-2024-55579?

An unprivileged user with network access may exploit CVE-2024-55579 to create connection objects that can execute arbitrary EXE files.

Q: Is there a workaround for CVE-2024-55579?

There is no documented workaround for CVE-2024-55579, so updating to the fixed versions is recommended.

Published Dec 9, 2024

Updated

An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, and February 2023 Patch 15.

Affected Software

1 affected component

Qlik Sense Enterprise for Windows<November 2024 IR

Event History

Dec 9, 2024

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

DescriptionSeverity

Data Sourced

via NVD·03:15 AM

DescriptionSeverityWeakness

Frequently Asked Questions

What is the severity of CVE-2024-55579?

CVE-2024-55579 has been classified as a high severity vulnerability.

How do I fix CVE-2024-55579?

To fix CVE-2024-55579, update your Qlik Sense Enterprise for Windows to the version released in November 2024 IR or apply the patches available for May 2024 Patch 10 or February 2024 Patch 14.

Who is affected by CVE-2024-55579?

CVE-2024-55579 affects users of Qlik Sense Enterprise for Windows prior to November 2024 IR.

What can an unprivileged user do in CVE-2024-55579?

An unprivileged user with network access may exploit CVE-2024-55579 to create connection objects that can execute arbitrary EXE files.

Is there a workaround for CVE-2024-55579?

There is no documented workaround for CVE-2024-55579, so updating to the fixed versions is recommended.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.