https://community.qlik.com/t5/Qlik-Replicate/Vulnerability-CVE-2022-22970-CVE-2022-22971-replicate-endpoint/m-p/1972768#M3558 <P>Case#&nbsp;00050175: Vulnerabilities CVE-2022-22970, CVE-2022-22971 is created for this issue.</P> <P>&nbsp;</P> <H1>&nbsp;</H1> Thu, 25 Aug 2022 03:12:51 GMT vijaynarayanan 2022-08-25T03:12:51Z https://community.qlik.com/t5/Qlik-Replicate/Vulnerability-CVE-2022-22970-CVE-2022-22971-replicate-endpoint/m-p/1969507#M3469 <P>Hi Team,</P> <P>Vulnerabilities CVE-2022-22970, CVE-2022-22971 ("Spring Framework Denial of Service (DoS) Data Binding Vulnerability") are detected &nbsp;for the Qlik replicate spring core jar file "/replicate/endpoint_srv/externals/spring-core-5.1.9.RELEASE.jar".&nbsp;</P> <P>Do we have remediation for the detected vulnerability? We need to update the spring-core jar at the earliest.&nbsp;</P> <P>Thanks,</P> <P>~ VJ</P> <P>&nbsp;</P> Wed, 17 Aug 2022 06:54:07 GMT https://community.qlik.com/t5/Qlik-Replicate/Vulnerability-CVE-2022-22970-CVE-2022-22971-replicate-endpoint/m-p/1969507#M3469 vijaynarayanan 2022-08-17T06:54:07Z https://community.qlik.com/t5/Qlik-Replicate/Vulnerability-CVE-2022-22970-CVE-2022-22971-replicate-endpoint/m-p/1969526#M3470 <P>Hi&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/182336">@vijaynarayanan</a>&nbsp;</P><P>&nbsp;</P><P><SPAN>CVE-2022-22970:</SPAN><BR /><BR /><SPAN>This CVE is a DDoS in the Spring file upload function ( a servlet). QDI products do not use this functionality of Spring (Spring is not used in QDI to offer networking services) and thus, there is no actual risk. Qlik will update this component in the 2022.11 release - since no security issue exists, the change is not updated in older releases.</SPAN><BR /><BR /><BR /><SPAN>CVE-2022-22971:</SPAN><BR /><BR /><SPAN>This CVE is in Spring's STOMP protocol. QDI products do not use this functionality of Spring and thus, there is no actual risk. Qlik will update this component in the 2022.11 release - since no security issue exists, the change is not updated in older releases.</SPAN></P> Wed, 17 Aug 2022 07:20:06 GMT https://community.qlik.com/t5/Qlik-Replicate/Vulnerability-CVE-2022-22970-CVE-2022-22971-replicate-endpoint/m-p/1969526#M3470 Arun_Arasu 2022-08-17T07:20:06Z https://community.qlik.com/t5/Qlik-Replicate/Vulnerability-CVE-2022-22970-CVE-2022-22971-replicate-endpoint/m-p/1972249#M3532 <P>Team,</P> <P>Do we have the knowledge base article that explains the same information? I need to update my organization with the details.</P> <P>Thanks</P> <P>&nbsp;</P> Wed, 24 Aug 2022 04:46:01 GMT https://community.qlik.com/t5/Qlik-Replicate/Vulnerability-CVE-2022-22970-CVE-2022-22971-replicate-endpoint/m-p/1972249#M3532 vijaynarayanan 2022-08-24T04:46:01Z https://community.qlik.com/t5/Qlik-Replicate/Vulnerability-CVE-2022-22970-CVE-2022-22971-replicate-endpoint/m-p/1972512#M3535 <P>Hello&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/182336">@vijaynarayanan</a>&nbsp;,</P><P>Unfortunately , there are no&nbsp;&nbsp;<SPAN>knowledge base article that explains the same information.</SPAN></P><P>Regards<SPAN>,</SPAN></P><P><SPAN>Arun</SPAN></P> Wed, 24 Aug 2022 12:42:14 GMT https://community.qlik.com/t5/Qlik-Replicate/Vulnerability-CVE-2022-22970-CVE-2022-22971-replicate-endpoint/m-p/1972512#M3535 Arun_Arasu 2022-08-24T12:42:14Z https://community.qlik.com/t5/Qlik-Replicate/Vulnerability-CVE-2022-22970-CVE-2022-22971-replicate-endpoint/m-p/1972650#M3546 <P>Hi&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/163799">@Arun_Arasu</a>&nbsp;,</P> <P>&nbsp;</P> <P>My Org is looking for the information in knowledge base article to get the exception. Could you guide on the right process to get that information?</P> <P>&nbsp;</P> <P>Thanks</P> Wed, 24 Aug 2022 16:45:56 GMT https://community.qlik.com/t5/Qlik-Replicate/Vulnerability-CVE-2022-22970-CVE-2022-22971-replicate-endpoint/m-p/1972650#M3546 vijaynarayanan 2022-08-24T16:45:56Z https://community.qlik.com/t5/Qlik-Replicate/Vulnerability-CVE-2022-22970-CVE-2022-22971-replicate-endpoint/m-p/1972678#M3549 <P><SPAN>Hello&nbsp;</SPAN><A href="https://community.qlik.com/t5/user/viewprofilepage/user-id/182336" target="_blank">@vijaynarayanan</A><SPAN>&nbsp;,</SPAN></P> <P><SPAN>I checked again but as Arun mentioned, no one has created knowledge base article yet on&nbsp;Vulnerability CVE-2022-22970, CVE-2022-22971.</SPAN></P> <P><SPAN>If you need any further assistance on this please create a case, so that our technical support team can assist you.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks</SPAN></P> <P><SPAN>Naren</SPAN></P> Wed, 24 Aug 2022 17:49:22 GMT https://community.qlik.com/t5/Qlik-Replicate/Vulnerability-CVE-2022-22970-CVE-2022-22971-replicate-endpoint/m-p/1972678#M3549 narendersarva 2022-08-24T17:49:22Z https://community.qlik.com/t5/Qlik-Replicate/Vulnerability-CVE-2022-22970-CVE-2022-22971-replicate-endpoint/m-p/1972768#M3558 <P>Case#&nbsp;00050175: Vulnerabilities CVE-2022-22970, CVE-2022-22971 is created for this issue.</P> <P>&nbsp;</P> <H1>&nbsp;</H1> Thu, 25 Aug 2022 03:12:51 GMT https://community.qlik.com/t5/Qlik-Replicate/Vulnerability-CVE-2022-22970-CVE-2022-22971-replicate-endpoint/m-p/1972768#M3558 vijaynarayanan 2022-08-25T03:12:51Z