CVE-2023-41265

Vulnerability updated 2 months ago (2024-11-29T14:19:16.304Z)

Download STIX

Preview STIX

CVE-2023-41265 is a notable software vulnerability that was exploited by the threat actor known as Magnet Goblin. This flaw, present in the Qlik Sense business analytics servers, pertains to software design or implementation. The vulnerability was one of several weaponized by Magnet Goblin in their cyber-attacks, which included other vulnerabilities in Magento and Ivanti Connect Secure. The exploitation of CVE-2023-41265 led to an HTTP interpretation issue due to inadequate validation of HTTP requests. This problem arose from an incomplete fix for #VU80193, demonstrating the potential risk of partial solutions to such vulnerabilities. Other related vulnerabilities in Qlik Sense were also exploited by Magnet Goblin, including CVE-2023-41266 and CVE-2023-48365, the latter being a direct consequence of the initial CVE-2023-41265 vulnerability. Magnet Goblin's attacks targeted multiple systems, leveraging these vulnerabilities to gain unauthorized access. In addition to Qlik Sense servers, the actor attacked Ivanti Connect Secure using CVE-2023-46805 and multiple 2024 CVEs, Magento using CVE-2022-24086, and possibly Apache ActiveMQ servers. These broad-based attacks underscore the importance of comprehensive system security measures and prompt patching of identified vulnerabilities.

Description last updated: 2024-03-15T19:19:18.120Z

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the CVE-2023-41265 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
DARKReading	9 months ago	Thousands of Qlik Sense Servers Open to Cactus Ransomware
CERT-EU	a year ago	Cyber Security Week in Review: March 15, 2024
CERT-EU	a year ago	Magnet Goblin Uses 1-Day Exploits to Drop Custom Malware on Linux, Windows
CERT-EU	a year ago	Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware
CERT-EU	a year ago	Magnet Goblin exploits Ivanti, Magento, Qlink Sense flaws to drop malware
Securityaffairs	a year ago	Magnet Goblin group used a new Linux variant of NerbianRAT malware - Security Affairs
Checkpoint	a year ago	Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities - Check Point Research
Securityaffairs	a year ago	CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog
CERT-EU	a year ago	CISA adds Qlik bugs to exploited vulnerabilities catalog
CERT-EU	a year ago	CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA	a year ago	CISA Adds Two Known Exploited Vulnerabilities to Catalog \| CISA
CERT-EU	a year ago	New DanaBot malvertising campaign delivers Cactus ransomware
CERT-EU	a year ago	CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks
CERT-EU	a year ago	CACTUS Ransomware Exploiting Qlik Sense Flaws
CERT-EU	a year ago	DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution