https://community.qlik.com/t5/Management-Governance/Qliksense-and-Apache-Open-SSL-vulnerabilities/m-p/1888231#M21226 <P>Hi <a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/29334">@markdur101</a>,</P> <P>Qlik Sense doesn't use an&nbsp;Apache/ Open SSL web server&nbsp;by default but can be configured to work with one as a reverse proxy/SAML -&nbsp;<A href="https://community.qlik.com/t5/Knowledge/Quick-guide-to-configure-Apache-as-a-Reverse-Proxy-with-HTTPS/ta-p/1713172" target="_blank">Quick guide to configure Apache as a Reverse Proxy with HTTPS, ADFS SAML and Qlik Sense</A>.</P> <P>&nbsp;</P> Wed, 02 Feb 2022 15:04:07 GMT Chip_Matejowsky 2022-02-02T15:04:07Z https://community.qlik.com/t5/Management-Governance/Qliksense-and-Apache-Open-SSL-vulnerabilities/m-p/1888217#M21225 <P>Our security group has found sever SSL vulnerabilities on a dedicated QlikSense server.</P> <P>They said that these vulnerabilities are due to an Apache/ Open SSL web server that needs to be upgraded.</P> <P>Can you tell me if QlikSense uses an Apache web server in its default installation?</P> <P>These are the vulnerabilities that were found.</P> <P><EM>&nbsp;</EM></P> <OL> <LI><EM>OpenSSL Integer overflow in CipherUpdate (CVE-2021-23840) </EM></LI> <LI><EM>OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711)</EM></LI> <LI><EM>Apache Tomcat default installation/welcome page installed</EM></LI> <LI><EM>Apache HTTPD: A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user (CVE-2021-40438)</EM></LI> <LI><EM>OpenSSL CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)</EM></LI> <LI><EM>OpenSSL Read buffer overruns processing ASN.1 strings (CVE-2021-3712)</EM></LI> </OL> <P><EM>&nbsp;</EM></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 02 Feb 2022 14:45:35 GMT https://community.qlik.com/t5/Management-Governance/Qliksense-and-Apache-Open-SSL-vulnerabilities/m-p/1888217#M21225 markdur101 2022-02-02T14:45:35Z https://community.qlik.com/t5/Management-Governance/Qliksense-and-Apache-Open-SSL-vulnerabilities/m-p/1888231#M21226 <P>Hi <a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/29334">@markdur101</a>,</P> <P>Qlik Sense doesn't use an&nbsp;Apache/ Open SSL web server&nbsp;by default but can be configured to work with one as a reverse proxy/SAML -&nbsp;<A href="https://community.qlik.com/t5/Knowledge/Quick-guide-to-configure-Apache-as-a-Reverse-Proxy-with-HTTPS/ta-p/1713172" target="_blank">Quick guide to configure Apache as a Reverse Proxy with HTTPS, ADFS SAML and Qlik Sense</A>.</P> <P>&nbsp;</P> Wed, 02 Feb 2022 15:04:07 GMT https://community.qlik.com/t5/Management-Governance/Qliksense-and-Apache-Open-SSL-vulnerabilities/m-p/1888231#M21226 Chip_Matejowsky 2022-02-02T15:04:07Z https://community.qlik.com/t5/Management-Governance/Qliksense-and-Apache-Open-SSL-vulnerabilities/m-p/1888282#M21227 <P>Thanks for the quick reply.</P> <P>&nbsp;</P> Wed, 02 Feb 2022 16:28:37 GMT https://community.qlik.com/t5/Management-Governance/Qliksense-and-Apache-Open-SSL-vulnerabilities/m-p/1888282#M21227 markdur101 2022-02-02T16:28:37Z