PatchSiren

Qlik CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited Qlik CVE published 2025-01-13

CVE-2023-48365

CVE-2023-48365 is a Qlik Sense HTTP tunneling vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-01-13. The KEV record lists known ransomware campaign use as "Known," so this should be treated as actively exploited and prioritized for immediate mitigation.

Known exploited Qlik CVE published 2023-12-07

CVE-2023-41266

CVE-2023-41266 is a Qlik Sense path traversal vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2023-12-07. CISA marks it as known to be used in ransomware campaigns and directs organizations to apply vendor remediations or mitigations, or discontinue use of the product if those are unavailable.

Known exploited Qlik CVE published 2023-12-07

CVE-2023-41265

CVE-2023-41265 is a Qlik Sense HTTP tunneling vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2023-12-07. CISA marked it as known exploited and noted known ransomware campaign use, which makes this an urgent remediation item for any organization running affected Qlik Sense deployments. The CISA remediation deadline was 2023-12-28.