At our company we use Qlik Analytics Platform (QAP), which is the same as Qlik Sense Enterprise with some limited and some added functionality, for external reporting on a DMZ server via a mashup/web page, so security is very strictly monitored.
In a penetration test it was identified that Qlik Sense has bundled AngularJS version 1.8.3, which is now out of official support, and security vulnerabilities for this version of AngularJS are known (CVE-2022-25844 and CVE-2022-25869). Here's a link: https://security.snyk.io/package/npm/angular/1.8.3
At the moment, for this reason, our platform is unfortunately not as secure as it could be.
Does anyone know whether these issues are fixed in the AngularJS included in the Qlik Sense installation and, if not, whether Qlik is planning to fix this in the next patches/releases?
And if not, is there any fix/workaround to mitigate the security vulnerabilities? Do you have any experience with the same topic?