The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2024-36077

CVE-2024-36077: Qlik Sense Privilege Escalation Flaw

CVE-2024-36077 is a privilege escalation vulnerability in Qlik Sense Enterprise for Windows that allows remote attackers to gain system-level access and execute commands. This article covers technical details, affected versions, impact analysis, and mitigation strategies.

Updated: January 22, 2026

CVE-2024-36077 Overview

CVE-2024-36077 is a privilege escalation vulnerability affecting Qlik Sense Enterprise for Windows. The flaw exists due to improper validation, which allows a remote attacker with low-level access to elevate their privileges to the internal system role. Once escalated, an attacker can execute arbitrary commands on the server, potentially leading to full system compromise.

Critical Impact

Authenticated attackers can escalate to internal system role and execute commands on the server, potentially compromising the entire Qlik Sense deployment and underlying infrastructure.

Affected Products

  • Qlik Sense Enterprise for Windows February 2024 Patch 3 (14.173.3 through 14.173.7)
  • Qlik Sense Enterprise for Windows November 2023 Patch 8 (14.159.4 through 14.159.13)
  • Qlik Sense Enterprise for Windows August 2023 Patch 13 (14.139.3 through 14.139.20)
  • Qlik Sense Enterprise for Windows May 2023 Patch 15 (14.129.3 through 14.129.22)
  • Qlik Sense Enterprise for Windows February 2023 Patch 13 (14.113.1 through 14.113.18)
  • Qlik Sense Enterprise for Windows November 2022 Patch 13 (14.97.2 through 14.97.18)
  • Qlik Sense Enterprise for Windows August 2022 Patch 16 (14.78.3 through 14.78.23)
  • Qlik Sense Enterprise for Windows May 2022 Patch 17 (14.67.7 through 14.67.31)

Discovery Timeline

  • May 22, 2024 - CVE CVE-2024-36077 published to NVD
  • November 21, 2024 - Last updated in NVD database

Technical Details for CVE-2024-36077

Vulnerability Analysis

This vulnerability stems from improper privilege management (CWE-269) within Qlik Sense Enterprise for Windows. The application fails to properly validate user permissions during certain operations, allowing an authenticated user to manipulate their privilege level. The flaw enables attackers to bypass authorization controls and assume the internal system role, which possesses elevated capabilities including command execution on the underlying Windows server.

The attack requires network access and low-level authentication but does not require user interaction. Once exploited, the attacker gains the ability to execute commands with elevated privileges, potentially accessing sensitive data, modifying configurations, or establishing persistence within the environment.

Root Cause

The root cause of CVE-2024-36077 is improper validation in the privilege management mechanism of Qlik Sense Enterprise for Windows. The application does not adequately verify that privilege escalation requests are legitimate, allowing authenticated users to elevate their role to the internal system account. This is classified under CWE-269 (Improper Privilege Management), indicating a fundamental flaw in how the application enforces role-based access controls.

Attack Vector

The attack is conducted remotely over the network. An authenticated attacker with low-level privileges can exploit the improper validation mechanism to escalate their privileges to the internal system role. This role has the capability to execute commands on the server, providing the attacker with significant control over the Qlik Sense environment and potentially the underlying Windows system.

The exploitation flow involves:

  1. Authenticating to the Qlik Sense Enterprise application with a low-privileged account
  2. Exploiting the improper validation flaw to request privilege escalation
  3. Successfully assuming the internal system role
  4. Executing arbitrary commands on the Windows server

Since no verified code examples are available, organizations should refer to the Qlik Support Article on Security Fixes for detailed technical information about the vulnerability mechanism.

Detection Methods for CVE-2024-36077

Indicators of Compromise

  • Unexpected privilege escalation events in Qlik Sense audit logs showing users gaining internal system role access
  • Unusual command execution activity originating from Qlik Sense server processes
  • Authentication logs showing low-privileged accounts performing administrative actions
  • Anomalous API requests targeting privilege management endpoints

Detection Strategies

  • Monitor Qlik Sense audit logs for privilege escalation attempts and role changes
  • Implement alerting on command execution from Qlik Sense service accounts
  • Review Windows security event logs for process creation events from Qlik Sense processes
  • Deploy network detection rules to identify suspicious API traffic patterns to Qlik Sense servers

Monitoring Recommendations

  • Enable comprehensive audit logging in Qlik Sense Enterprise for Windows
  • Configure SIEM rules to correlate Qlik Sense authentication events with subsequent privilege changes
  • Monitor for lateral movement attempts originating from Qlik Sense servers
  • Establish baseline behavior for legitimate internal system role usage and alert on deviations

How to Mitigate CVE-2024-36077

Immediate Actions Required

  • Update Qlik Sense Enterprise for Windows to a patched version immediately
  • Review audit logs for any signs of exploitation prior to patching
  • Restrict network access to Qlik Sense servers to trusted networks only
  • Implement additional monitoring on Qlik Sense server processes and command execution

Patch Information

Qlik has released security patches addressing this vulnerability across multiple release branches. Organizations should update to one of the following patched versions based on their current deployment:

  • May 2024: 14.187.4
  • February 2024 Patch 4: 14.173.8
  • November 2023 Patch 9: 14.159.14
  • August 2023 Patch 14: 14.139.21
  • May 2023 Patch 16: 14.129.23
  • February 2023 Patch 14: 14.113.19
  • November 2022 Patch 14: 14.97.19
  • August 2022 Patch 17: 14.78.25
  • May 2022 Patch 18: 14.67.34

For detailed patch information and download links, refer to the Qlik Support Article on Security Fixes.

Workarounds

  • Implement strict network segmentation to limit access to Qlik Sense Enterprise servers
  • Apply the principle of least privilege for all Qlik Sense user accounts
  • Enable enhanced logging and monitoring while awaiting patch deployment
  • Consider temporarily restricting remote access to the Qlik Sense environment if patching is not immediately possible

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypePrivilege Escalation
  • Vendor/TechQlik Sense
  • SeverityHIGH
  • CVSS Score8.8
  • EPSS Probability1.07%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-269
  • Technical References
  • Qlik Support Article on Security Fixes
  • Related CVEs
  • CVE-2023-41265: Qlik Sense Privilege Escalation Flaw
  • CVE-2023-41266: Qlik Sense Path Traversal Vulnerability
  • CVE-2023-48365: Qlik Sense RCE Vulnerability
  • CVE-2024-55580: Qlik Sense Enterprise RCE Vulnerability
Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English