Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
NEW: Seamless Public Data Sharing with Qlik's New Anonymous Access Capability: TELL ME MORE!

"Open URL" and "Launch" disabled for document sheet buttons in latest QlikView Plugin releases

No ratings
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sonja_Bauernfeind
Digital Support
Digital Support

"Open URL" and "Launch" disabled for document sheet buttons in latest QlikView Plugin releases

Last Update:

Sep 24, 2020 7:14:42 AM

Updated By:

Sonja_Bauernfeind

Created date:

Aug 13, 2020 5:50:35 AM

A document sheet can have buttons, which in turn can have associated Actions. 

These Actions can be of several types, but there are two in particular which have been disabled in the Internet Explorer Plugin due to security concerns:

  • Launch
  • Open URL

buttons.png

 

See QV-20715: Remote Code Execution RCE. QvPlugin IE for QCS 

To benefit from the security fixes the Internet Explorer plugin need to be updated.

After an update, the disabled features can be re-enabled (not recommended). 

Environment:

QlikView April 2020 12.50 SR1
QlikView April 2019 12.40 SR4
QlikView November 2018 12.30 SR5
QlikView November 2017 12.20 SR11
QlikView 11.20 SR21

 

Resolution

A new switch has been added to re-enable these functionalities. Please, consider that this is a security risk. The setting needs to be changed on each individual Internet Explorer Plugin installation. 

  • Locate: Edit the settings.ini file in C:\Users\username\AppData\Roaming\QlikTech\QlikView
  • in the [Settings 7] section add the line Allow20715=1 

 

Labels (1)
Labels:
6,101 Views
Was this article helpful? Yes No
Comments
diegoberriel
Contributor II
Contributor II
‎2020-11-12 05:07 PM

Hi @Sonja_Bauernfeind,

Is there no way to get this enabled from server side avoiding change the setting for every single user? We have more than 2000 Qv users and several reports have link between reports and internal services pages.

Thanks

Regards,

Diego

Sonja_Bauernfeind
Digital Support
Digital Support
‎2020-11-16 03:11 AM

Hello @diegoberriel 

Not currently, no. I would suggest logging an Idea on this in our Ideas forum: https://community.qlik.com/t5/Ideas/idb-p/qlik-ideas

This will ensure that our developers know how this feature is requested. If you let me know after you posted it, I can give it a vote! 

dapostolopoylos
Creator III
Creator III
‎2021-03-22 08:24 AM

This is bad news...

qvd1rkqv
Creator
Creator
‎2021-03-25 01:58 PM

Because we are using the IE Plugin on Edge in IE Mode,  Is this still a security vulnerability on MS Edge in IE Mode? 

Sonja_Bauernfeind
Digital Support
Digital Support
‎2021-03-29 03:10 AM

@qvd1rkqv This fix was introduced for the QlikView Plugin, independent in what version (or IE Mode in Edge) it is being run.

Contributors
Version history
Last update:
‎2020-09-24 07:14 AM
Updated by:
Digital Support