Patch now! Attacks on BeyondTrust PRA/RS and Qlik Sense

The US security authority CISA warns of attacks on remote access software from BeyondTrust and the data analysis solution Qlik Sense Enterprise.


Due to ongoing attacks, admins should update BeyondTrust Privileged Remote Access (PRA), Remote Support (RS) and Qlik Sense Enterprise. The extent of the attacks is currently unknown.

The currently exploited vulnerabilities in BeyondTrust PRA/RS (CVE-2024-12686, “medium”) and Qlik Sense (CVE-2023-48365, “critical”) were recently added to the US Cybersecurity & Infrastructure Security Agency's (CISA) catalog of exploited software vulnerabilities. Attackers have also been targeting another BeyondTrust vulnerability (CVE-2024-12356, “critical”) since December 2024.

In the latter case, attacks are possible remotely and without authentication, and attackers can completely compromise systems. To exploit the other BeyondTrust vulnerability (CVE-2024-12686), attackers must already have admin rights. The developers state that they have secured version 22.1.x.

Because vulnerable versions of Qlik Sense Enterprise do not sufficiently check HTTP headers, remote attackers can exploit the vulnerability with crafted HTTP requests to execute malicious code. In a warning message, the developers list the releases that are secured against this.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.