https://community.qlik.com/t5/Qlik-Replicate/Qlik-Visibility-Spring-Framework-vulnerability-CVE-2022-22965/m-p/1927023#M2583 <P><SPAN>Looking for guidance on Attunity Visibility software v7.3 impact for Spring Framework vulnerability CVE-2022-22965. PNC Security has requested remediation as per below:</SPAN></P> <P><SPAN>Spring Framework contains a flaw in the CachedIntrospectionResults class in spring-beans/src/main/java/org/springframework/beans/CachedIntrospectionResults.java related to insecure introspection when using request parameter binding. This may allow a remote attacker to invoke arbitrary Java class methods and execute arbitrary code.&nbsp;</SPAN></P> <P><BR /><SPAN>I've found the reference in your support documentation for the subject CVE vulnerability but there is no mention of Qlik Visibility software. Would appreciate some help.</SPAN></P> <P>Using:</P> <P><SPAN>Operating System: Linux</SPAN><BR /><SPAN>Operating System Version: RHEL 7.9</SPAN><BR /><SPAN>Product Release: V7.3</SPAN><BR /><SPAN>Environment Type: Production</SPAN></P> <P><BR /><SPAN>Thank you,</SPAN><BR /><SPAN>Vikki Turner</SPAN></P> Thu, 05 May 2022 16:49:37 GMT Vikki 2022-05-05T16:49:37Z https://community.qlik.com/t5/Qlik-Replicate/Qlik-Visibility-Spring-Framework-vulnerability-CVE-2022-22965/m-p/1927023#M2583 <P><SPAN>Looking for guidance on Attunity Visibility software v7.3 impact for Spring Framework vulnerability CVE-2022-22965. PNC Security has requested remediation as per below:</SPAN></P> <P><SPAN>Spring Framework contains a flaw in the CachedIntrospectionResults class in spring-beans/src/main/java/org/springframework/beans/CachedIntrospectionResults.java related to insecure introspection when using request parameter binding. This may allow a remote attacker to invoke arbitrary Java class methods and execute arbitrary code.&nbsp;</SPAN></P> <P><BR /><SPAN>I've found the reference in your support documentation for the subject CVE vulnerability but there is no mention of Qlik Visibility software. Would appreciate some help.</SPAN></P> <P>Using:</P> <P><SPAN>Operating System: Linux</SPAN><BR /><SPAN>Operating System Version: RHEL 7.9</SPAN><BR /><SPAN>Product Release: V7.3</SPAN><BR /><SPAN>Environment Type: Production</SPAN></P> <P><BR /><SPAN>Thank you,</SPAN><BR /><SPAN>Vikki Turner</SPAN></P> Thu, 05 May 2022 16:49:37 GMT https://community.qlik.com/t5/Qlik-Replicate/Qlik-Visibility-Spring-Framework-vulnerability-CVE-2022-22965/m-p/1927023#M2583 Vikki 2022-05-05T16:49:37Z https://community.qlik.com/t5/Qlik-Replicate/Qlik-Visibility-Spring-Framework-vulnerability-CVE-2022-22965/m-p/1927029#M2586 <P>Good Day!</P> <P>&nbsp;</P> <P><SPAN style="background-color:rgb(255,255,255);color:rgb(24,24,24);font-size:13px;">Visibility is a retired product and no longer supported</SPAN></P> <P>&nbsp;</P> <P><SPAN style="background-color:rgb(255,255,255);color:rgb(24,24,24);font-size:13px;"><A href="https://community.qlik.com/t5/Support-Updates-Blog/Retirement-of-legacy-Attunity-products-on-January-31-2022/ba-p/1732910" target="_blank">https://community.qlik.com/t5/Support-Updates-Blog/Retirement-of-legacy-Attunity-products-on-January-31-2022/ba-p/1732910</A></SPAN></P> <P>&nbsp;</P> <P><SPAN style="background-color:rgb(255,255,255);color:rgb(24,24,24);font-size:13px;">Thanks</SPAN></P> <P><SPAN style="background-color:rgb(255,255,255);color:rgb(24,24,24);font-size:13px;">Lyka</SPAN></P> Thu, 05 May 2022 17:03:01 GMT https://community.qlik.com/t5/Qlik-Replicate/Qlik-Visibility-Spring-Framework-vulnerability-CVE-2022-22965/m-p/1927029#M2586 lyka 2022-05-05T17:03:01Z https://community.qlik.com/t5/Qlik-Replicate/Qlik-Visibility-Spring-Framework-vulnerability-CVE-2022-22965/m-p/1931949#M2708 <P>Hello <a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/160304">@Vikki</a>&nbsp;</P> <P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <SPAN>The </SPAN>s<SPAN class="lia-message-unread lia-message-unread-windows">pring Framework vulnerability&nbsp; listed here is&nbsp;</SPAN><SPAN> more involved and would probably require code changes. Since the product has reached end of life,&nbsp;</SPAN><SPAN> I am not sure if&nbsp; R&amp;D can rebuild installation kit for you with the fix.&nbsp; That being said, </SPAN><SPAN>I am checking with development team on this to see if we can help you in anyway. So, give me some time and I'll get back to you on this.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks,</SPAN></P> <P><SPAN>Nanda</SPAN></P> Tue, 17 May 2022 16:45:40 GMT https://community.qlik.com/t5/Qlik-Replicate/Qlik-Visibility-Spring-Framework-vulnerability-CVE-2022-22965/m-p/1931949#M2708 Nanda_Ravindra 2022-05-17T16:45:40Z https://community.qlik.com/t5/Qlik-Replicate/Qlik-Visibility-Spring-Framework-vulnerability-CVE-2022-22965/m-p/1938033#M2879 <P>&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/160304">@Vikki</a> I checked with the R&amp;D team, and they did confirm that it needs a code rebuild and since the product has reached the end of life, we won't be able to build the code and share the new build.</P> <P>&nbsp;</P> <P><A href="https://community.qlik.com/t5/Support-Updates-Blog/Retirement-of-legacy-Attunity-products-on-January-31-2022/ba-p/1732910" target="_blank">https://community.qlik.com/t5/Support-Updates-Blog/Retirement-of-legacy-Attunity-products-on-January-31-2022/ba-p/1732910</A></P> <P>&nbsp;</P> <P>Thanks,</P> <P>Nanda</P> Wed, 01 Jun 2022 03:32:19 GMT https://community.qlik.com/t5/Qlik-Replicate/Qlik-Visibility-Spring-Framework-vulnerability-CVE-2022-22965/m-p/1938033#M2879 Nanda_Ravindra 2022-06-01T03:32:19Z