Skip to main content

Qlik

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Anonymous
Not applicable
‎2018-01-16 04:01 PM

Application Security

Is it secure to expose the application to the web?

Using QV Version: 12.0.203 with below javascripts:

ITEM ONE:

/qlikview/js/jquerymigrate.min.js Alert group Vulnerable Javascript library Severity Medium
 Description
You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported. Recommendations Upgrade to the latest version. Alert variants
Details
Detected Javascript library jquery-migrate version 1.2.1. The version was detected from file content.
References:
http://bugs.jquery.com/ticket/11290 http://research.insecurelabs.org/jquery/test/
GET /qlikview/js/jquery-migrate.min.js HTTP/1.1 Pragma: no-cache Cache-Control: no-cache Referer: https://ifms.vsecorp.com/qlikview/index.htm Host: ifms.vsecorp.com Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21 Accept: */*
ITEM TWO:
/qlikview/js/jquery.min.js Alert group Vulnerable Javascript library Severity Medium
Description
You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported. Recommendations Upgrade to the latest version.
Alert variants
Details
Detected Javascript library jquery version 1.11.3. The version was detected from file content.
References:
https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
GET /qlikview/js/jquery.min.js HTTP/1.1 Pragma: no-cache Cache-Control: no-cache Referer: https://ifms.vsecorp.com/qlikview/index.htm Host: ifms.vsecorp.com Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21 Accept: */*

 

Any suggestions.

Thanks

 

1,101 Views
0 Likes
1 Reply
petter
Partner - Champion III
‎2018-01-19 02:46 AM

No

744 Views
0 Likes
Community Browser
Top