Qlik Community

QlikView Deployment

Discussion Board for collaboration related to QlikView Deployment.

Announcements
QlikView Fans! We’d love to hear from you.
Share your QlikView feedback with the product team… Click here to participate in our 5-minute survey.
Rules, plus terms and conditions, can be found here.
ruelignacio
New Contributor

Application Security

Is it secure to expose the application to the web?

Using QV Version: 12.0.203 with below javascripts:

ITEM ONE:

/qlikview/js/jquerymigrate.min.js Alert group Vulnerable Javascript library Severity Medium
Description
You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported. Recommendations Upgrade to the latest version. Alert variants
Details
Detected Javascript library jquery-migrate version 1.2.1. The version was detected from file content.
References:
http://bugs.jquery.com/ticket/11290 http://research.insecurelabs.org/jquery/test/

GET /qlikview/js/jquery-migrate.min.js HTTP/1.1 Pragma: no-cache Cache-Control: no-cache Referer: https://ifms.vsecorp.com/qlikview/index.htm Host: ifms.vsecorp.com Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21 Accept: */*

ITEM TWO:
/qlikview/js/jquery.min.js Alert group Vulnerable Javascript library Severity Medium
Description
You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported. Recommendations Upgrade to the latest version.
Alert variants
Details
Detected Javascript library jquery version 1.11.3. The version was detected from file content.
References:
https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/

GET /qlikview/js/jquery.min.js HTTP/1.1 Pragma: no-cache Cache-Control: no-cache Referer: https://ifms.vsecorp.com/qlikview/index.htm Host: ifms.vsecorp.com Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21 Accept: */*

 

Any suggestions.

Thanks

 

1 Reply
MVP
MVP

Re: Application Security

No

Community Browser