Looking for guidance on Attunity Visibility software v7.3 impact for Spring Framework vulnerability CVE-2022-22965. PNC Security has requested remediation as per below:
Spring Framework contains a flaw in the CachedIntrospectionResults class in spring-beans/src/main/java/org/springframework/beans/CachedIntrospectionResults.java related to insecure introspection when using request parameter binding. This may allow a remote attacker to invoke arbitrary Java class methods and execute arbitrary code.
I've found the reference in your support documentation for the subject CVE vulnerability but there is no mention of Qlik Visibility software. Would appreciate some help.
Using:
Operating System: Linux
Operating System Version: RHEL 7.9
Product Release: V7.3
Environment Type: Production
Thank you,
Vikki Turner
Good Day!
Visibility is a retired product and no longer supported.
Thanks
Lyka
Hello @Vikki
The Spring Framework vulnerability listed here is more involved and would probably require code changes. Since the product has reached end of life, I am not sure if R&D can rebuild the installation kit for you with the fix. That being said, I am checking with the development team on this to see if we can help you in any way. So, give me some time and I'll get back to you on this.
Thanks,
Nanda
@Vikki I checked with the R&D team, and they did confirm that it needs a code rebuild and since the product has reached the end of life, we won't be able to build the code and share the new build.
Thanks,
Nanda