https://community.qlik.com/t5/Management-Governance/Postgres-vulnerability-CVE-2024-4215-amp-CVE-2024-4216/m-p/2451343#M29402 <P>Hi&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/58383">@David_Friend</a>&nbsp;</P> <P>&nbsp;</P> <P>It is the bundled version&nbsp;postgres 12.5 that comes with default with the old version Feb 2022 version.</P> <P>&nbsp;</P> <P>Thanks &amp; Regards</P> <P>Amar</P> Sat, 11 May 2024 15:14:55 GMT amarvilass 2024-05-11T15:14:55Z https://community.qlik.com/t5/Management-Governance/Postgres-vulnerability-CVE-2024-4215-amp-CVE-2024-4216/m-p/2450633#M29400 <P>Hi All,</P> <P>We are currently on May 2023 Patch10 version with Postgres12.</P> <P>Understand from our security team that there are the below two vulnerabilities for Postgres</P> <P>&nbsp;</P> <OL> <LI><STRONG>Cross-Site Scripting Vulnerability (CVE-2024-4216)</STRONG></LI> </OL> <P>This vulnerability exists in pgAdmin, specifically inside the /settings/store API response json payload. Exploiting this vulnerability could allow a threat actor to execute malicious script on the client end and steal sensitive cookies.</P> <P>&nbsp;</P> <OL> <LI><STRONG>Multi-Factor Authentication Bypass (CVE-2024-4215)</STRONG></LI> </OL> <P>This vulnerability affects pgAdmin, which could allow a threat actor to bypass multi-factor authentication on affected versions.</P> <P>&nbsp;</P> <P>Is anyone aware if it affect Qlik Sense enterprise on windows?</P> <P>&nbsp;</P> <P>Thanks &amp; Regards</P> <P><STRONG>Amar Shedage</STRONG></P> Thu, 09 May 2024 06:51:24 GMT https://community.qlik.com/t5/Management-Governance/Postgres-vulnerability-CVE-2024-4215-amp-CVE-2024-4216/m-p/2450633#M29400 amarvilass 2024-05-09T06:51:24Z https://community.qlik.com/t5/Management-Governance/Postgres-vulnerability-CVE-2024-4215-amp-CVE-2024-4216/m-p/2450812#M29401 <P><a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/44151">@amarvilass</a>&nbsp;what specific version of Postgres are you using and is it bundled/unbundled?</P> Thu, 09 May 2024 13:12:58 GMT https://community.qlik.com/t5/Management-Governance/Postgres-vulnerability-CVE-2024-4215-amp-CVE-2024-4216/m-p/2450812#M29401 David_Friend 2024-05-09T13:12:58Z https://community.qlik.com/t5/Management-Governance/Postgres-vulnerability-CVE-2024-4215-amp-CVE-2024-4216/m-p/2451343#M29402 <P>Hi&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/58383">@David_Friend</a>&nbsp;</P> <P>&nbsp;</P> <P>It is the bundled version&nbsp;postgres 12.5 that comes with default with the old version Feb 2022 version.</P> <P>&nbsp;</P> <P>Thanks &amp; Regards</P> <P>Amar</P> Sat, 11 May 2024 15:14:55 GMT https://community.qlik.com/t5/Management-Governance/Postgres-vulnerability-CVE-2024-4215-amp-CVE-2024-4216/m-p/2451343#M29402 amarvilass 2024-05-11T15:14:55Z https://community.qlik.com/t5/Management-Governance/Postgres-vulnerability-CVE-2024-4215-amp-CVE-2024-4216/m-p/2452057#M29403 <P><a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/44151">@amarvilass</a>&nbsp;</P> <P>It looks like this&nbsp;vulnerability only affects PgAdmin. PgAdmin is not installed by Qlik. It is only used if you do changes in the database.&nbsp;</P> Tue, 14 May 2024 07:56:08 GMT https://community.qlik.com/t5/Management-Governance/Postgres-vulnerability-CVE-2024-4215-amp-CVE-2024-4216/m-p/2452057#M29403 Maria_Halley 2024-05-14T07:56:08Z https://community.qlik.com/t5/Management-Governance/Postgres-vulnerability-CVE-2024-4215-amp-CVE-2024-4216/m-p/2452129#M29404 <P>Thanks&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/942">@Maria_Halley</a>&nbsp;</P> <P>The reason I was checking this is to resolve an issue with Qlik due to a&nbsp;<SPAN>custom properties being duplicated and injected multiple times after Qlik upgrade. This issue causes the jobs to fail even though the status reflect as successful. The job failure is causing the AD sync job to fail and not add new users. The solution to this lies in the below link</SPAN></P> <P><A href="https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-on-premise-reloads-fail-with-Warning-Conflict/ta-p/2034338" target="_blank">https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-on-premise-reloads-fail-with-Warning-Conflict/ta-p/2034338</A></P> <P>The solution proposed from Qlik needs the PgAdmin to be used to remove the duplicate properties. Will you be able to suggest if this will cause any issue?</P> <P>Thanks &amp; Regards</P> <P>Amar</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><SPAN>&nbsp;&nbsp;</SPAN></P> Tue, 14 May 2024 09:39:04 GMT https://community.qlik.com/t5/Management-Governance/Postgres-vulnerability-CVE-2024-4215-amp-CVE-2024-4216/m-p/2452129#M29404 amarvilass 2024-05-14T09:39:04Z