{"api_version":"1","generated_at":"2026-05-13T04:43:51+00:00","cve":"CVE-2023-48365","urls":{"html":"https://cve.report/CVE-2023-48365","api":"https://cve.report/api/cve/CVE-2023-48365.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-48365","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-48365"},"summary":{"title":"Qlik Sense HTTP Tunneling Vulnerability","description":"Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.","state":"PUBLISHED","assigner":"","published_at":"2023-11-15 22:15:00","updated_at":"2023-11-16 01:43:00"},"problem_types":[],"metrics":[],"references":[{"url":"https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510","name":"https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510","refsource":"","tags":[],"title":"Critical Security fixes for Qlik Sense Enterprise ... - Qlik Community - 2120325","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-48365","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48365","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2023","cve_id":"48365","cve":"CVE-2023-48365","vendorProject":"Qlik","product":"Sense","vulnerabilityName":"Qlik Sense HTTP Tunneling Vulnerability","dateAdded":"2025-01-13","shortDescription":"Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","dueDate":"2025-02-03","knownRansomwareCampaignUse":"Known","notes":"https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510 ; https://nvd.nist.gov/vuln/detail/CVE-2023-48365","cwes":"CWE-444","catalogVersion":"2026.05.08","updated_at":"2026-05-08 17:29:15"},"epss":{"cve_year":"2023","cve_id":"48365","cve":"CVE-2023-48365","epss":"0.614890000","percentile":"0.983460000","score_date":"2026-05-12","updated_at":"2026-05-13 00:11:55"},"legacy_qids":[{"cve":"CVE-2023-48365","qid":"379333","title":"Qlik Sense Enterprise for Windows Remote Code Execution (RCE) Vulnerability (Authenticated)"},{"cve":"CVE-2023-48365","qid":"730994","title":"Qlik Sense Enterprise for Windows Multiple Security Vulnerabilities"}]},"source_records":{"cve_program":null,"nvd":{"publishedDate":"2023-11-15 22:15:00","lastModifiedDate":"2023-11-16 01:43:00","problem_types":[],"metrics":[],"configurations":{"CVE_data_version":"4.0","nodes":[]}},"legacy_mitre":{"record":null,"notes":[]}}}