CVE-2024-29863: Race Condition
First published: Fri Apr 05 2024(Updated: )
A race condition in the installer executable in Qlik Qlikview before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12,80.20200) may allow an existing lower privileged user to cause code to be executed in the context of a Windows Administrator.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QlikView Server | <12.70.20300<12.80.20200 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-29863?
CVE-2024-29863 is considered to have a high severity due to the potential for privileged code execution.
How do I fix CVE-2024-29863?
To fix CVE-2024-29863, upgrade Qlik QlikView to versions May 2022 SR3 (12.70.20300) or May 2023 SR2 (12.80.20200) or later.
Who is affected by CVE-2024-29863?
CVE-2024-29863 affects users of Qlik QlikView versions prior to May 2022 SR3 and May 2023 SR2.
What type of vulnerability is CVE-2024-29863?
CVE-2024-29863 is a race condition vulnerability in the installer executable.
Can CVE-2024-29863 allow unauthorized actions?
Yes, CVE-2024-29863 may allow a lower privileged user to execute code with Windows Administrator privileges.
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/qlik
- canonical/qlikview server