Skip to main content
Announcements
See why Qlik was named a Leader in the 2024 Gartner® Magic Quadrant™ for Data Integration Tools for the ninth year in a row: Get the report

Qlik Sense Enterprise on Windows: Information Leak in /api/about/v1/thirdParty

No ratings
cancel
Showing results for 
Search instead for 
Did you mean: 
ToniKautto
Employee
Employee

Qlik Sense Enterprise on Windows: Information Leak in /api/about/v1/thirdParty

Last Update:

Aug 3, 2023 2:10:54 AM

Updated By:

Sonja_Bauernfeind

Created date:

Aug 2, 2023 3:55:23 PM

Security vulnerability scan report may refer to "System Information Leak" in the response from the About Service API end-point /api/about/v1/thirdParty.

This API returns a list of third-party software that is installed in the product. Details include information about copyright, version, licensing, and legal notices.

The disclaimer text of some third-party components may include IP address references. These references come from the third-party provider's disclaimer or open-source license details. The IP address references do not refer to details from the installed environment.

For example, an internal IP address (10.x.x.x) is referred to in the disclaimer text for the Torch Cephes Math Library. This reference is part of the library's open-source license https://github.com/deepmind/torch-cephes/blob/master/LICENSE.txt.

Resolution

Third-party software details contain disclaimer text as required for the third-party software provider. 
IP references in third-party software disclaimers can be considered false-positive test results.

Qlik can not alter the third-party vendor disclaimers. 

Related Content 

Third Party: Get | Qlik Sense for developers Help 
False Positive 

 

Environment

Qlik Sense Enterprise on Windows 

Labels (2)
Version history
Last update:
‎2023-08-03 02:10 AM
Updated by: