CVE-2024-55579: n/a
An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, and February 2023 Patch 15.
AI Analysis
Technical Summary
CVE-2024-55579 is a vulnerability discovered in Qlik Sense Enterprise for Windows, affecting versions prior to the November 2024 IR and multiple earlier patches. The vulnerability allows an unprivileged user with network access to create connection objects that can trigger the execution of arbitrary executable files (EXE). This means an attacker who can interact with the system over the network, without needing any prior authentication, can craft connection objects that cause the system to run malicious code. The vulnerability stems from improper authorization controls (CWE-863), where the system fails to adequately restrict the creation of connection objects to privileged users only. Exploitation requires user interaction, likely involving the acceptance or triggering of the malicious connection object. The CVSS v3.1 base score is 8.8, reflecting high severity due to the potential for remote code execution, high impact on confidentiality, integrity, and availability, and the lack of required privileges for exploitation. The vulnerability has been addressed in multiple patches, including the November 2024 IR, May 2024 Patch 10, and several earlier patches dating back to February 2023. No known exploits have been reported in the wild yet, but the risk remains significant given the ease of exploitation and the critical nature of the affected software.
Potential Impact
The vulnerability poses a serious risk to organizations using Qlik Sense Enterprise for Windows, especially those with network-exposed instances. An attacker exploiting this flaw can execute arbitrary code remotely, potentially leading to full system compromise. This can result in unauthorized data access, data manipulation, disruption of business intelligence operations, and lateral movement within the network. The high impact on confidentiality, integrity, and availability means sensitive business data and analytics could be exposed or corrupted, undermining decision-making processes. Additionally, the ability to execute arbitrary EXE files could allow attackers to deploy malware, ransomware, or establish persistent backdoors. Organizations in sectors relying heavily on Qlik Sense for data analytics—such as finance, healthcare, manufacturing, and government—face increased operational and reputational risks. The lack of required privileges lowers the barrier for attackers, increasing the likelihood of exploitation if patches are not applied promptly.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately apply the latest security patches provided by Qlik, specifically the November 2024 IR or any of the earlier patches mentioned (May 2024 Patch 10, February 2024 Patch 14, etc.). Network segmentation should be employed to restrict access to Qlik Sense Enterprise servers only to trusted users and systems. Implement strict monitoring and alerting for unusual creation of connection objects or execution of unexpected EXE files within the Qlik environment. Employ application whitelisting to prevent unauthorized executables from running. Because exploitation requires user interaction, user training and awareness about suspicious prompts or connection requests can reduce risk. Additionally, review and harden access controls to limit who can create or modify connection objects. Regularly audit Qlik Sense configurations and logs for signs of exploitation attempts. Consider deploying endpoint detection and response (EDR) solutions to detect and block malicious activities related to this vulnerability.
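To prioritise patching, the fixed-release list above can be applied to a host inventory. The following is an added example, not code from Qlik or from this page's source; the release-label format, the quarterly train months, and the sample hosts are assumptions.

```python
import re

# Fixed releases exactly as listed in the advisory: (year, month) -> minimum patch.
# "IR" (initial release) is treated as patch 0.
MONTHS = {"february": 2, "may": 5, "august": 8, "november": 11}  # assumed trains
FIXED = {
    (2024, 11): 0, (2024, 5): 10, (2024, 2): 14,
    (2023, 11): 16, (2023, 8): 16, (2023, 5): 18, (2023, 2): 15,
}
FIRST_FIXED_TRAIN = (2024, 11)

# Assumed label format: "<Month> <Year> IR" or "<Month> <Year> Patch <N>".
LABEL = re.compile(r"^\s*([A-Za-z]+)\s+(\d{4})\s+(?:(IR)|Patch\s+(\d+))\s*$", re.I)

def parse_release(label):
    """Return ((year, month), patch) or raise ValueError for unknown labels."""
    m = LABEL.match(label)
    if not m or m.group(1).lower() not in MONTHS:
        raise ValueError(f"unrecognised release label: {label!r}")
    patch = 0 if m.group(3) else int(m.group(4))
    return (int(m.group(2)), MONTHS[m.group(1).lower()]), patch

def is_fixed(label):
    train, patch = parse_release(label)
    if train > FIRST_FIXED_TRAIN:
        return True            # train released after November 2024 IR
    minimum = FIXED.get(train)
    if minimum is None:
        return False           # older train with no fixed patch listed
    return patch >= minimum

def triage(inventory):
    """Map host -> finding for hosts that are unpatched or need manual review."""
    findings = {}
    for host, label in inventory.items():
        try:
            if not is_fixed(label):
                findings[host] = "vulnerable: " + label
        except ValueError:
            findings[host] = "review: " + label
    return findings

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "qs-prod-01": "May 2024 Patch 9",
    "qs-prod-02": "November 2024 IR",
    "qs-dev-01": "August 2022 Patch 17",
    "qs-lab-01": "14.187.4",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Labels the parser does not recognise are flagged for manual review rather than treated as patched.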
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, Sweden, Japan, South Korea
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-12-09T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699f6bd2b7ef31ef0b55b2ea
Added to database: 2/25/2026, 9:38:26 PM
Last enriched: 2/26/2026, 2:08:19 AM
Last updated: 4/12/2026, 3:38:55 PM