article High Severity Security fixes for Qlik Sense Enterprise for Windows (CVE-2024-36077) in Official Support Articles https://community.qlik.com/t5/Official-Support-Articles/High-Severity-Security-fixes-for-Qlik-Sense-Enterprise-for/ta-p/2452509 <H3 aria-level="2"><FONT color="#339966"><STRONG>Executive Summary&nbsp;</STRONG></FONT></H3> <P><SPAN data-contrast="auto">A security issue in Qlik Sense Enterprise for Windows has been identified, and patches have been made available. If successfully exploited, this vulnerability could lead to a compromise of the server running the Qlik Sense software, including remote code execution (RCE).</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">This issue was responsibly disclosed to Qlik and no reports of it being maliciously exploited have been received.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></P> <P>&nbsp;</P> <H3 aria-level="2"><FONT color="#339966"><STRONG>Affected Software</STRONG></FONT><SPAN data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></H3> <P><SPAN class="TextRun SCXW224515680 BCX0" data-contrast="auto"><SPAN class="NormalTextRun SCXW224515680 BCX0">All versions of Qlik Sense Enterprise for Windows </SPAN></SPAN><SPAN class="TextRun SCXW224515680 BCX0" data-contrast="auto"><SPAN class="NormalTextRun SCXW224515680 BCX0"><STRONG>prior</STRONG> </SPAN></SPAN><SPAN class="TextRun SCXW224515680 BCX0" data-contrast="auto"><SPAN class="NormalTextRun SCXW224515680 BCX0">to</SPAN><SPAN class="NormalTextRun SCXW224515680 BCX0"> and including</SPAN><SPAN class="NormalTextRun SCXW224515680 BCX0"> these releases are </SPAN><SPAN class="NormalTextRun SCXW224515680 BCX0">impacted</SPAN><SPAN class="NormalTextRun SCXW224515680 BCX0">:</SPAN></SPAN><SPAN class="EOP SCXW224515680 BCX0" data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL class="lia-list-style-type-circle"> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>February 2024 Patch </SPAN><SPAN>3</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>November 2023 Patch </SPAN><SPAN>8</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>August 2023 Patch 1</SPAN><SPAN>3</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>May 2023 Patch 1</SPAN><SPAN>5</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="5" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>February 2023 Patch 1</SPAN><SPAN>3</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="6" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>November 2022 Patch 1</SPAN><SPAN>3</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="7" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>August 2022 Patch 1</SPAN><SPAN>6</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="8" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>May 2022 Patch 1</SPAN><SPAN>7</SPAN></SPAN></LI> </UL> <H3 aria-level="1"><FONT color="#339966"><STRONG>Severity Rating&nbsp;</STRONG></FONT></H3> <P><SPAN class="TextRun SCXW55616708 BCX0" data-contrast="auto"><SPAN class="NormalTextRun SCXW55616708 BCX0" data-ccp-charstyle="normaltextrun" data-ccp-charstyle-defn="{&quot;ObjectId&quot;:&quot;c77f2650-c1a9-4e88-a4ef-9413c5518cea|3&quot;,&quot;ClassId&quot;:1073872969,&quot;Properties&quot;:[201342446,&quot;1&quot;,201342447,&quot;5&quot;,201342448,&quot;3&quot;,201342449,&quot;1&quot;,469777841,&quot;Aptos&quot;,469777842,&quot;Arial&quot;,469777843,&quot;MS 明朝&quot;,469777844,&quot;Aptos&quot;,201341986,&quot;1&quot;,469769226,&quot;Aptos,Arial,MS 明朝&quot;,268442635,&quot;24&quot;,335559704,&quot;1025&quot;,335559705,&quot;1041&quot;,335551547,&quot;1033&quot;,335559740,&quot;279&quot;,201341983,&quot;0&quot;,335559739,&quot;160&quot;,469775450,&quot;normaltextrun&quot;,201340122,&quot;1&quot;,134233614,&quot;true&quot;,469778129,&quot;normaltextrun&quot;,335572020,&quot;1&quot;,469778324,&quot;Default Paragraph Font&quot;]}">Using the CVSS V3.1 scoring system (</SPAN></SPAN><A class="Hyperlink SCXW55616708 BCX0" href="https://nvd.nist.gov/vuln-metrics/cvss" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun Underlined SCXW55616708 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW55616708 BCX0" data-ccp-charstyle="normaltextrun">https://nvd.nist.gov/vuln-metrics/cvss</SPAN></SPAN></A><SPAN class="TextRun SCXW55616708 BCX0" data-contrast="auto"><SPAN class="NormalTextRun SCXW55616708 BCX0" data-ccp-charstyle="normaltextrun">), Qlik rates this severity as </SPAN><SPAN class="NormalTextRun SCXW55616708 BCX0" data-ccp-charstyle="normaltextrun">high</SPAN><SPAN class="NormalTextRun SCXW55616708 BCX0" data-ccp-charstyle="normaltextrun">. </SPAN><SPAN class="NormalTextRun SCXW55616708 BCX0" data-ccp-charstyle="eop" data-ccp-charstyle-defn="{&quot;ObjectId&quot;:&quot;c77f2650-c1a9-4e88-a4ef-9413c5518cea|4&quot;,&quot;ClassId&quot;:1073872969,&quot;Properties&quot;:[201342446,&quot;1&quot;,201342447,&quot;5&quot;,201342448,&quot;3&quot;,201342449,&quot;1&quot;,469777841,&quot;Aptos&quot;,469777842,&quot;Arial&quot;,469777843,&quot;MS 明朝&quot;,469777844,&quot;Aptos&quot;,201341986,&quot;1&quot;,469769226,&quot;Aptos,Arial,MS 明朝&quot;,268442635,&quot;24&quot;,335559704,&quot;1025&quot;,335559705,&quot;1041&quot;,335551547,&quot;1033&quot;,335559740,&quot;279&quot;,201341983,&quot;0&quot;,335559739,&quot;160&quot;,469775450,&quot;eop&quot;,201340122,&quot;1&quot;,134233614,&quot;true&quot;,469778129,&quot;eop&quot;,335572020,&quot;1&quot;,469778324,&quot;Default Paragraph Font&quot;]}"> </SPAN></SPAN><SPAN class="EOP SCXW55616708 BCX0" data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></P> <H3 aria-level="1"><FONT color="#339966"><STRONG>Vulnerability Details</STRONG></FONT><SPAN><BR /></SPAN></H3> <P><FONT color="#339966"><STRONG><SPAN data-contrast="auto">CVE-2024<SPAN class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak">-36077</SPAN></SPAN></STRONG></FONT><SPAN data-contrast="auto">(QB-26216) Privilege escalation for authenticated/anonymous user</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></P> <P><FONT color="#339966"><STRONG><SPAN data-contrast="none">Severity:</SPAN></STRONG> </FONT><SPAN data-contrast="auto">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 8.8 (</SPAN><STRONG>High</STRONG><SPAN data-contrast="auto">)</SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></P> <P class="lia-indent-padding-left-30px"><SPAN data-contrast="auto">Due to improper input validation, a remote attacker with existing privileges is able to elevate them to the </SPAN><SPAN data-contrast="none">internal system role, which in turns </SPAN><SPAN data-contrast="auto">allows them to execute commands on the server.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></P> <H3><FONT color="#339966"><STRONG>Resolution&nbsp;</STRONG></FONT></H3> <H4><FONT color="#339966"><STRONG>Recommendation&nbsp;</STRONG></FONT></H4> <P><SPAN class="TextRun SCXW153868444 BCX0" data-contrast="auto"><SPAN class="NormalTextRun SCXW153868444 BCX0">Customers should</SPAN><SPAN class="NormalTextRun SCXW153868444 BCX0"> upgrade Qlik Sense Enterprise for Windows to a version </SPAN><SPAN class="NormalTextRun SCXW153868444 BCX0">containing</SPAN><SPAN class="NormalTextRun SCXW153868444 BCX0"> fixes for these issues. </SPAN><SPAN class="NormalTextRun SCXW153868444 BCX0">Fixes are available</SPAN><SPAN class="NormalTextRun SCXW153868444 BCX0"> for the </SPAN><SPAN class="NormalTextRun SCXW153868444 BCX0">following</SPAN> <SPAN class="NormalTextRun SCXW153868444 BCX0">versions</SPAN><SPAN class="NormalTextRun SCXW153868444 BCX0">:</SPAN></SPAN><SPAN class="EOP SCXW153868444 BCX0" data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL class="lia-list-style-type-circle"> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="9" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>May 2024</SPAN><SPAN> Initial Release</SPAN></SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335557856&quot;:16777215,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="10" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>February 2024 Patch 4</SPAN></SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335557856&quot;:16777215,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="11" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>November 2023 Patch 9</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="12" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>August 2023 Patch 14</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="13" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>May 2023 Patch 16</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="14" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>February 2023 Patch 14</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="15" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>November 2022 Patch 14</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="16" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>August 2022 Patch 17</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="17" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>May 2022 Patch 18</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> </UL> <P>&nbsp;</P> <P><SPAN data-contrast="auto">All Qlik software can be downloaded from our official </SPAN><A href="https://community.qlik.com/t5/Product-Downloads/tkb-p/Downloads" target="_blank" rel="noopener"><SPAN data-contrast="none">Qlik Download page</SPAN></A><SPAN data-contrast="auto"> (customer login required).</SPAN></P> <H3><FONT color="#339966"><STRONG>Credit</STRONG></FONT></H3> <P><SPAN class="TextRun SCXW89747 BCX0" data-contrast="auto"><SPAN class="NormalTextRun SCXW89747 BCX0">This issue was </SPAN><SPAN class="NormalTextRun SCXW89747 BCX0">identified</SPAN><SPAN class="NormalTextRun SCXW89747 BCX0"> and responsibly reported to Qlik by</SPAN><SPAN class="NormalTextRun SCXW89747 BCX0"> Daniel </SPAN><SPAN class="NormalTextRun SpellingErrorV2Themed SpellingErrorHighlight SCXW89747 BCX0">Zajork</SPAN><SPAN class="NormalTextRun SCXW89747 BCX0">.</SPAN></SPAN><SPAN class="EOP SCXW89747 BCX0" data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><FONT color="#999999">Edited 20th of May 2024: Added recently assigned CVE number.</FONT></P> <P>&nbsp;</P> Mon, 20 May 2024 06:56:39 GMT Sonja_Bauernfeind 2024-05-20T06:56:39Z High Severity Security fixes for Qlik Sense Enterprise for Windows (CVE-2024-36077) https://community.qlik.com/t5/Official-Support-Articles/High-Severity-Security-fixes-for-Qlik-Sense-Enterprise-for/ta-p/2452509 <H3 aria-level="2"><FONT color="#339966"><STRONG>Executive Summary&nbsp;</STRONG></FONT></H3> <P><SPAN data-contrast="auto">A security issue in Qlik Sense Enterprise for Windows has been identified, and patches have been made available. If successfully exploited, this vulnerability could lead to a compromise of the server running the Qlik Sense software, including remote code execution (RCE).</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">This issue was responsibly disclosed to Qlik and no reports of it being maliciously exploited have been received.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></P> <P>&nbsp;</P> <H3 aria-level="2"><FONT color="#339966"><STRONG>Affected Software</STRONG></FONT><SPAN data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></H3> <P><SPAN class="TextRun SCXW224515680 BCX0" data-contrast="auto"><SPAN class="NormalTextRun SCXW224515680 BCX0">All versions of Qlik Sense Enterprise for Windows </SPAN></SPAN><SPAN class="TextRun SCXW224515680 BCX0" data-contrast="auto"><SPAN class="NormalTextRun SCXW224515680 BCX0"><STRONG>prior</STRONG> </SPAN></SPAN><SPAN class="TextRun SCXW224515680 BCX0" data-contrast="auto"><SPAN class="NormalTextRun SCXW224515680 BCX0">to</SPAN><SPAN class="NormalTextRun SCXW224515680 BCX0"> and including</SPAN><SPAN class="NormalTextRun SCXW224515680 BCX0"> these releases are </SPAN><SPAN class="NormalTextRun SCXW224515680 BCX0">impacted</SPAN><SPAN class="NormalTextRun SCXW224515680 BCX0">:</SPAN></SPAN><SPAN class="EOP SCXW224515680 BCX0" data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL class="lia-list-style-type-circle"> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>February 2024 Patch </SPAN><SPAN>3</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>November 2023 Patch </SPAN><SPAN>8</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>August 2023 Patch 1</SPAN><SPAN>3</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>May 2023 Patch 1</SPAN><SPAN>5</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="5" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>February 2023 Patch 1</SPAN><SPAN>3</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="6" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>November 2022 Patch 1</SPAN><SPAN>3</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="7" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>August 2022 Patch 1</SPAN><SPAN>6</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" aria-setsize="-1" data-aria-posinset="8" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>May 2022 Patch 1</SPAN><SPAN>7</SPAN></SPAN></LI> </UL> <H3 aria-level="1"><FONT color="#339966"><STRONG>Severity Rating&nbsp;</STRONG></FONT></H3> <P><SPAN class="TextRun SCXW55616708 BCX0" data-contrast="auto"><SPAN class="NormalTextRun SCXW55616708 BCX0" data-ccp-charstyle="normaltextrun" data-ccp-charstyle-defn="{&quot;ObjectId&quot;:&quot;c77f2650-c1a9-4e88-a4ef-9413c5518cea|3&quot;,&quot;ClassId&quot;:1073872969,&quot;Properties&quot;:[201342446,&quot;1&quot;,201342447,&quot;5&quot;,201342448,&quot;3&quot;,201342449,&quot;1&quot;,469777841,&quot;Aptos&quot;,469777842,&quot;Arial&quot;,469777843,&quot;MS 明朝&quot;,469777844,&quot;Aptos&quot;,201341986,&quot;1&quot;,469769226,&quot;Aptos,Arial,MS 明朝&quot;,268442635,&quot;24&quot;,335559704,&quot;1025&quot;,335559705,&quot;1041&quot;,335551547,&quot;1033&quot;,335559740,&quot;279&quot;,201341983,&quot;0&quot;,335559739,&quot;160&quot;,469775450,&quot;normaltextrun&quot;,201340122,&quot;1&quot;,134233614,&quot;true&quot;,469778129,&quot;normaltextrun&quot;,335572020,&quot;1&quot;,469778324,&quot;Default Paragraph Font&quot;]}">Using the CVSS V3.1 scoring system (</SPAN></SPAN><A class="Hyperlink SCXW55616708 BCX0" href="https://nvd.nist.gov/vuln-metrics/cvss" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun Underlined SCXW55616708 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW55616708 BCX0" data-ccp-charstyle="normaltextrun">https://nvd.nist.gov/vuln-metrics/cvss</SPAN></SPAN></A><SPAN class="TextRun SCXW55616708 BCX0" data-contrast="auto"><SPAN class="NormalTextRun SCXW55616708 BCX0" data-ccp-charstyle="normaltextrun">), Qlik rates this severity as </SPAN><SPAN class="NormalTextRun SCXW55616708 BCX0" data-ccp-charstyle="normaltextrun">high</SPAN><SPAN class="NormalTextRun SCXW55616708 BCX0" data-ccp-charstyle="normaltextrun">. </SPAN><SPAN class="NormalTextRun SCXW55616708 BCX0" data-ccp-charstyle="eop" data-ccp-charstyle-defn="{&quot;ObjectId&quot;:&quot;c77f2650-c1a9-4e88-a4ef-9413c5518cea|4&quot;,&quot;ClassId&quot;:1073872969,&quot;Properties&quot;:[201342446,&quot;1&quot;,201342447,&quot;5&quot;,201342448,&quot;3&quot;,201342449,&quot;1&quot;,469777841,&quot;Aptos&quot;,469777842,&quot;Arial&quot;,469777843,&quot;MS 明朝&quot;,469777844,&quot;Aptos&quot;,201341986,&quot;1&quot;,469769226,&quot;Aptos,Arial,MS 明朝&quot;,268442635,&quot;24&quot;,335559704,&quot;1025&quot;,335559705,&quot;1041&quot;,335551547,&quot;1033&quot;,335559740,&quot;279&quot;,201341983,&quot;0&quot;,335559739,&quot;160&quot;,469775450,&quot;eop&quot;,201340122,&quot;1&quot;,134233614,&quot;true&quot;,469778129,&quot;eop&quot;,335572020,&quot;1&quot;,469778324,&quot;Default Paragraph Font&quot;]}"> </SPAN></SPAN><SPAN class="EOP SCXW55616708 BCX0" data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></P> <H3 aria-level="1"><FONT color="#339966"><STRONG>Vulnerability Details</STRONG></FONT><SPAN><BR /></SPAN></H3> <P><FONT color="#339966"><STRONG><SPAN data-contrast="auto">CVE-2024<SPAN class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak">-36077</SPAN></SPAN></STRONG></FONT><SPAN data-contrast="auto">(QB-26216) Privilege escalation for authenticated/anonymous user</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></P> <P><FONT color="#339966"><STRONG><SPAN data-contrast="none">Severity:</SPAN></STRONG> </FONT><SPAN data-contrast="auto">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 8.8 (</SPAN><STRONG>High</STRONG><SPAN data-contrast="auto">)</SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></P> <P class="lia-indent-padding-left-30px"><SPAN data-contrast="auto">Due to improper input validation, a remote attacker with existing privileges is able to elevate them to the </SPAN><SPAN data-contrast="none">internal system role, which in turns </SPAN><SPAN data-contrast="auto">allows them to execute commands on the server.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></P> <H3><FONT color="#339966"><STRONG>Resolution&nbsp;</STRONG></FONT></H3> <H4><FONT color="#339966"><STRONG>Recommendation&nbsp;</STRONG></FONT></H4> <P><SPAN class="TextRun SCXW153868444 BCX0" data-contrast="auto"><SPAN class="NormalTextRun SCXW153868444 BCX0">Customers should</SPAN><SPAN class="NormalTextRun SCXW153868444 BCX0"> upgrade Qlik Sense Enterprise for Windows to a version </SPAN><SPAN class="NormalTextRun SCXW153868444 BCX0">containing</SPAN><SPAN class="NormalTextRun SCXW153868444 BCX0"> fixes for these issues. </SPAN><SPAN class="NormalTextRun SCXW153868444 BCX0">Fixes are available</SPAN><SPAN class="NormalTextRun SCXW153868444 BCX0"> for the </SPAN><SPAN class="NormalTextRun SCXW153868444 BCX0">following</SPAN> <SPAN class="NormalTextRun SCXW153868444 BCX0">versions</SPAN><SPAN class="NormalTextRun SCXW153868444 BCX0">:</SPAN></SPAN><SPAN class="EOP SCXW153868444 BCX0" data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL class="lia-list-style-type-circle"> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="9" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>May 2024</SPAN><SPAN> Initial Release</SPAN></SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335557856&quot;:16777215,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="10" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>February 2024 Patch 4</SPAN></SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335557856&quot;:16777215,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="11" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>November 2023 Patch 9</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="12" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>August 2023 Patch 14</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="13" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>May 2023 Patch 16</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="14" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>February 2023 Patch 14</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="15" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>November 2022 Patch 14</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="16" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>August 2022 Patch 17</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="17" data-aria-level="1"><SPAN data-contrast="auto"><SPAN>May 2022 Patch 18</SPAN></SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></LI> </UL> <P>&nbsp;</P> <P><SPAN data-contrast="auto">All Qlik software can be downloaded from our official </SPAN><A href="https://community.qlik.com/t5/Product-Downloads/tkb-p/Downloads" target="_blank" rel="noopener"><SPAN data-contrast="none">Qlik Download page</SPAN></A><SPAN data-contrast="auto"> (customer login required).</SPAN></P> <H3><FONT color="#339966"><STRONG>Credit</STRONG></FONT></H3> <P><SPAN class="TextRun SCXW89747 BCX0" data-contrast="auto"><SPAN class="NormalTextRun SCXW89747 BCX0">This issue was </SPAN><SPAN class="NormalTextRun SCXW89747 BCX0">identified</SPAN><SPAN class="NormalTextRun SCXW89747 BCX0"> and responsibly reported to Qlik by</SPAN><SPAN class="NormalTextRun SCXW89747 BCX0"> Daniel </SPAN><SPAN class="NormalTextRun SpellingErrorV2Themed SpellingErrorHighlight SCXW89747 BCX0">Zajork</SPAN><SPAN class="NormalTextRun SCXW89747 BCX0">.</SPAN></SPAN><SPAN class="EOP SCXW89747 BCX0" data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:279}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><FONT color="#999999">Edited 20th of May 2024: Added recently assigned CVE number.</FONT></P> <P>&nbsp;</P> Mon, 20 May 2024 06:56:39 GMT https://community.qlik.com/t5/Official-Support-Articles/High-Severity-Security-fixes-for-Qlik-Sense-Enterprise-for/ta-p/2452509 Sonja_Bauernfeind 2024-05-20T06:56:39Z Re: Critical Security fixes for Qlik Sense Enterprise for Windows (CVE-pending) https://community.qlik.com/t5/Official-Support-Articles/High-Severity-Security-fixes-for-Qlik-Sense-Enterprise-for/tac-p/2452593#M13930 <P><SPAN>For discussions and questions, comment directly on the&nbsp;</SPAN><A href="https://community.qlik.com/t5/Support-Updates/Qlik-Sense-Enterprise-for-Windows-New-Security-Patches-Available/ba-p/2452521" target="_blank" rel="noopener">related blog post</A><SPAN>.&nbsp; We will be monitoring it. Thank you!</SPAN></P> Wed, 15 May 2024 09:15:26 GMT https://community.qlik.com/t5/Official-Support-Articles/High-Severity-Security-fixes-for-Qlik-Sense-Enterprise-for/tac-p/2452593#M13930 Sonja_Bauernfeind 2024-05-15T09:15:26Z