CVE-2024-55580
Description
Unprivileged users with network access can exploit broken access control in Qlik Sense Enterprise for Windows to execute remote commands, causing high availability, integrity, and confidentiality risks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability Details
CVE-2024-55580 is a broken access control vulnerability in Qlik Sense Enterprise for Windows, discovered during internal security testing. The issue affects all versions prior to the November 2024 IR, as well as specific patches from May 2023 through May 2024. [1]
Exploitation
An unprivileged user with network access to the Qlik Sense installation can exploit this weakness to execute remote commands. The CVSS v3.1 score of 7.5 (High) reflects the need for user interaction and high attack complexity, yet no authentication is required. [1]
Impact
Successful exploitation can lead to high availability damages, along with significant integrity and confidentiality risks. This could ultimately compromise the server running Qlik Sense. [1]
Mitigation
Qlik has released patches to fix this vulnerability. The official advisory recommends updating to November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, or February 2023 Patch 15. [1]
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: before November 2024 IR
Patches
No patches discovered yet.
References