Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Qlik Sense Enterprise Domain User enumeration
Vulnerability Description
A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. The affected URI is /internal_forms_authentication/ the response time of the form is longer if the supplied user does not exists and shorter if the user exists.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
响应差异性信息暴露
Vulnerability Title
Qlik Community 信息泄露漏洞
Vulnerability Description
Qlik Community是一种数据分析解决方案。 Qlik Community 存在信息泄露漏洞,该漏洞源于允许远程攻击者枚举域用户帐户。 攻击者可以通过向受影响的系统发送经过身份验证的请求来利用此漏洞。 成功的利用可能允许攻击者比较受影响系统返回的响应时间,以确定哪些帐户是有效的用户帐户。 受影响的系统只有在配置了 LDAP 时才容易受到攻击。
CVSS Information
N/A
Vulnerability Type
N/A