Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ktokuno2826
Partner - Contributor III
Partner - Contributor III
‎2023-10-04 12:29 AM

QlikView の脆弱性について

お世話になっております。アシストの徳納と申します。

お客様から QlikView の脆弱性について以下のお問い合わせをいただきましたので、
ご確認いただけますでしょうか。

■お問い合わせ内容
 
 既存契約で利用中の Qlik Viewサーバにおいて、脆弱性(CVE-2019-17267)が
 検知されました。
 QlikView が Java FasterXML Jackson-databind の旧版を利用していることが
 原因だと思われます。

■確認事項
 上記脆弱性の対応履歴や、パッチなどの用意はございますでしょうか?

お手数ですが上記ご確認のほどよろしくお願いいたします。

以上、よろしくお願いいたします。

Labels (3)
Labels
690 Views
0 Likes
1 Solution

Accepted Solutions
Chip_Matejowsky
Support
Support
‎2023-10-04 08:04 AM

Hello @ktokuno2826,

I'm not aware of any QlikView vulnerabilities related to CVE -2019 - 17267 and do not see Qlik mentioned on https://nvd.nist.gov/vuln/detail/CVE-2019-17267, however suggest that you open a case with Qlik Support. Within the case be sure that you provide all of the required information as listed under the "What do I do if I find a security vulnerability in a Qlik product" section of the Qlik Support article Qlik Support Security Vulnerability Policy.

Best Regards

Principal Technical Support Engineer with Qlik Support
Help users find answers! Don't forget to mark a solution that worked for you!

View solution in original post

663 Views
3 Replies
Chip_Matejowsky
Support
Support
‎2023-10-04 08:04 AM

Hello @ktokuno2826,

I'm not aware of any QlikView vulnerabilities related to CVE -2019 - 17267 and do not see Qlik mentioned on https://nvd.nist.gov/vuln/detail/CVE-2019-17267, however suggest that you open a case with Qlik Support. Within the case be sure that you provide all of the required information as listed under the "What do I do if I find a security vulnerability in a Qlik product" section of the Qlik Support article Qlik Support Security Vulnerability Policy.

Best Regards

Principal Technical Support Engineer with Qlik Support
Help users find answers! Don't forget to mark a solution that worked for you!
664 Views
ktokuno2826
Partner - Contributor III
Partner - Contributor III
‎2023-10-04 10:01 PM
Author

In response to Chip_Matejowsky

ご回答いただきありがとうございます。

(CVE-2019-17267)に関連するQlikViewの脆弱性についての情報はないとの
事で承知いたしました。

お客様から追加で以下3点ご質問をいただいているため、ご確認いただけますで
しょうか。

■ご質問
1)お客様自身で「Java FasterXML Jackson-databind」のライブラリを最新
  バージョンに変更しても問題ないか。
 
2)問題ない場合、メーカーサポート対象外となるか。

3)ライブラリの更新手順があれば教えていただきたい。

ご確認のほどよろしくお願いいたします。

以上、よろしくお願いいたします。

641 Views
0 Likes
Chip_Matejowsky
Support
Support
‎2023-10-05 07:48 AM

Hello @ktokuno2826,

As I suggested yesterday, open a case with Qlik Support. Within the case be sure that you provide all of the required information as listed under the "What do I do if I find a security vulnerability in a Qlik product" section of the Qlik Support article Qlik Support Security Vulnerability Policy.

Best Regards

Principal Technical Support Engineer with Qlik Support
Help users find answers! Don't forget to mark a solution that worked for you!
632 Views
0 Likes