QlikView Patches High Severity Privilege Escalation Vulnerability (CVE-2024-29863)
Qlik, the popular business intelligence software vendor, has released urgent security patches to address a critical vulnerability in its QlikView platform. This flaw (CVE-2024-29863) could allow a malicious user with existing access to a Windows system running QlikView to escalate their privileges to the Administrator level.
How the Exploit Works
The vulnerability, rated CVSS 7.8, stems from a race condition in the QlikView installer. If successfully exploited, it can trick the installer into executing unauthorized code with administrative rights; in essence, a low-privileged user could gain full control of the system.
Risk Implications
The implications of this privilege escalation are severe:
- Complete System Takeover: An attacker could install malicious software, modify system settings, and access sensitive data.
- Lateral Movement: They could use the compromised QlikView server as a launchpad to attack other systems on the network.
- Data Exfiltration: Sensitive business intelligence stored and processed by QlikView could be stolen.
Discovery and Responsible Reporting
This vulnerability was discovered and reported to Qlik by security researchers Pawel Karwowski and Julian Horoszkiewicz from Eviden Red Team.
Urgent Action Required
QlikView users are strongly urged to update immediately to one of the patched versions:
- QlikView May 2023 SR2 (12.80.20200)
- QlikView May 2022 SR3 (12.70.20300)
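As an added defender-side check (example code, not from Qlik or this article), the script below classifies inventoried QlikView build numbers against the two fixed builds listed above. It assumes version strings in the advisory's `12.80.20200` form, such as the DisplayVersion value read from the Windows Uninstall registry key, and it treats branches older than May 2022 as needing a branch upgrade, which is an inference rather than something the advisory states; the inventory is constructed.

```python
# Added defender-side check (not from Qlik or the article): classify a
# QlikView build number against the fixed versions for CVE-2024-29863.
from typing import Dict, List, Tuple

# Minimum fixed build per release branch, from the two versions named above.
FIXED_BUILDS = {
    (12, 70): (12, 70, 20300),  # QlikView May 2022 SR3
    (12, 80): (12, 80, 20200),  # QlikView May 2023 SR2
}

def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn a string such as '12.70.20100' into (12, 70, 20100)."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised QlikView version string: {text!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])

def assess(version_text: str) -> str:
    """Classify one build: 'patched', 'vulnerable', 'unpatched' or 'unlisted'."""
    version = parse_version(version_text)
    branch = version[:2]
    if branch in FIXED_BUILDS:
        # Same branch as a fixed release: compare the build number directly.
        return "patched" if version >= FIXED_BUILDS[branch] else "vulnerable"
    if branch < (12, 70):
        # Older than May 2022: the advisory names no fix on this branch, so
        # treat it as needing a branch upgrade (assumption, not from the page).
        return "unpatched"
    # Newer than the branches named: outside this advisory's list.
    return "unlisted"

def hosts_needing_action(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (host, version, status) for every host not confirmed patched."""
    findings = []
    for host, version_text in inventory.items():
        try:
            status = assess(version_text)
        except ValueError:
            status = "unparseable"
        if status != "patched":
            findings.append((host, version_text, status))
    return sorted(findings)

# Constructed sample inventory (hostname -> DisplayVersion string); not real hosts.
SAMPLE_INVENTORY = {
    "bi-prod-01": "12.80.20200", "bi-prod-02": "12.80.20100",
    "bi-legacy-01": "12.70.20300", "bi-legacy-02": "12.60.20100",
    "bi-test-01": "12.90.10000", "bi-test-02": "unknown",
}
```

Feed `hosts_needing_action` the DisplayVersion values collected from each QlikView host; any row it returns is a host that cannot be confirmed as running a fixed build.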
Qlik reports that it is unaware of any active exploitation of this vulnerability.