Qlik update Validation

aip-pmo · ‎2023-12-14

Hi team,
We discover this vulnerability within our application.
CVE-2023-41266
CVE-2023-48365
CVE-2023-41265

Our application version is 14.78.5
Patch applied is August 2022 Patch 16[Version 14.78.23].
After the patch was applied we realized that all other component of the patch still remains in the previous version not in the new version that we just installed.
I need to know if all the component and plugin is supposed to reflect the latest patch or this is not normal. I have attached a screenshot

Albert_Candelario · ‎2023-12-27

Hello @aip-pmo,

Thanks for posting.

Could you please provide details from where you extract the version for the other components?

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer

aip-pmo · ‎2023-12-27

The versions were directly pulled off the machine by Nessus. Probably uses the uninstall written in Registry to pull versions.

Albert_Candelario · ‎2023-12-29

If you could confirm that would be great, as the services keeps the main release number I suspect this is working as intended, but if you can share that information and can double check and also check within the team.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer

General Question

Governance

Security

Security & Governance