Solved: CVE-2022-42248 - QlikView versions affected ? - Qlik Community

josephfallon · ‎2023-08-21

CVE-2022-42248 raised against Qlikview versions "<= 12.60.2" was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality.

Details below

https://www.tenable.com/cve/CVE-2022-42248

Does anyone know what lower versions of QlikView are also affected please ?

Chip_Matejowsky · ‎2023-08-23

Hi @josephfallon,

This vulnerability was investigated by Qlik R&D under defect ID QV-23876. It was first identified in version April 2021 (12.60.20000) and fixed in version May 2022 SR2 (12.70.20200).

Suggest that you run only May 2022 SR2 and later versions if you are concerned about this defect.

Best Regards

Principal Technical Support Engineer with Qlik Support
Help users find answers! Don't forget to mark a solution that worked for you!

View solution in original post

Chip_Matejowsky · ‎2023-08-23

Hi @josephfallon,

This vulnerability was investigated by Qlik R&D under defect ID QV-23876. It was first identified in version April 2021 (12.60.20000) and fixed in version May 2022 SR2 (12.70.20200).

Suggest that you run only May 2022 SR2 and later versions if you are concerned about this defect.

Best Regards

Principal Technical Support Engineer with Qlik Support
Help users find answers! Don't forget to mark a solution that worked for you!

CVE-2022-42248 - QlikView versions affected ?

Security