Skip to main content

Qlik

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Announcements
UPGRADE ADVISORY for Qlik Replicate 2024.5: Read More
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
kamal0475
Contributor III
‎2023-12-12 11:57 AM

CVE-2023-41265, CVE-2023-41266 & CVE-2023-48365: Multiple Vulnerabilities in Qlik Sense Enterprise Actively Exploited

Does the above vulnerabilities impact Qlik replicate or Qlik Enterprise manager.

Our organization currently use Qlik Replicate (2021.11.0.165), and Qlik Enterprise Manager (2021.11.0.198) for data replication and monitoring.
Our security team has identified that the below vulnerabilities are being actively exploited in what appears to be an active ransomware campaign.
CVE-2023-41265, CVE-2023-41266 & CVE-2023-48365: Multiple Vulnerabilities in Qlik Sense Enterprise Actively Exploited.
Can you please let us know if the above CVE have any impact to Qlik Replicate and QEM tool that we are currently using?

 

Fyi.. Our organization is planning to upgrade to latest version of Qlik Replicate and Qlik enterprise manager in the early next year. 

Thank you.

Labels (1)
Labels
1,535 Views
1 Solution

Accepted Solutions
Dana_Baldwin
Support
‎2023-12-12 03:36 PM

Hi @kamal0475 

We checked internally and only Qlik Sense is impacted by these (CVE-2023-41265, CVE-2023-41266 & CVE-2023-48365), other Qlik products are not impacted.

Internal reference # 00128025

Thanks,

Dana

View solution in original post

1,498 Views
4 Replies
Dana_Baldwin
Support
‎2023-12-12 03:36 PM

Hi @kamal0475 

We checked internally and only Qlik Sense is impacted by these (CVE-2023-41265, CVE-2023-41266 & CVE-2023-48365), other Qlik products are not impacted.

Internal reference # 00128025

Thanks,

Dana

1,499 Views
ramazanerduran
Partner - Contributor III
‎2024-09-09 02:39 AM

In response to Dana_Baldwin

Hi Dana,

 

Is this answer still valid? Only vulnerability codes that Qlik Sense impacted by (CVE-2023-41265, CVE-2023-41266 & CVE-2023-48365) or is there any other nev code? 

An additional question, is there any site/document to watch vulnerability list that Qlik Sense impacted?

 

Thanks,

Ramazan

764 Views
0 Likes
Dana_Baldwin
Support
‎2024-09-09 06:08 PM

In response to ramazanerduran

Hi @ramazanerduran 

I did a quick search and could not find support cases for products besides Qlik Sense but we would need to check with our internal support team who works directly with R & D to confirm. It would be surprising that no other products were affected before but that these older vulnerabilities could be introduced in newer versions, so I suspect not. We have no method of raising issues to them via this forum, can you please open a support case?

We don't have a page on the forum dedicated to vulnerabilities. If you would like to see that, please submit the idea directly to our Product Management team here: https://community.qlik.com/t5/Ideas/idb-p/qlik-ideas

Thanks,

Dana

729 Views
ramazanerduran
Partner - Contributor III
‎2024-09-10 02:15 AM

In response to Dana_Baldwin

Hi @Dana_Baldwin,

 

Thank you for your responses, currently I don't have a urgent situation to ask if the products effected. I just wonder if there is a page that include the vulnerabilities. I'll submit this idea.

 

Thanks,

Ramazan

697 Views
Top