Qlik Community

QlikView Security & Governance

Discussion Board for collaboration on QlikView Security and Governance.

Not applicable

HeartBleed Open SSL Vulnerability

Is QlikView (specifically 11.2) vulnerable to the SSL HeartBleed OpenSSL bug? http://heartbleed.com/.

1 Solution

Accepted Solutions
Employee

Re: HeartBleed Open SSL Vulnerability

Hi,

Here is the information from the Expressor team.

Expressor has used two versions of OpenSSL in its history. Until 2011, we were using 0.8.9d and then upgraded to 1.0.0d. Neither of these versions is affected by heartbleed.

Bill
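
As an added example (not part of the original thread, and not Qlik or Expressor code), the following Python check classifies an OpenSSL version string against the affected range published on heartbleed.com, which is 1.0.1 through 1.0.1f. The function names and sample strings are constructed for illustration.

```python
import re

# Affected range as published on heartbleed.com: 1.0.1 through 1.0.1f.
# 1.0.1g, the 1.0.0 branch and the 0.9.8 branch are listed as not vulnerable.
AFFECTED_BASE = (1, 0, 1)
LAST_AFFECTED_LETTER = "f"

# Matches e.g. "1.0.1e", "1.0.0d", "1.0.1e-fips"; flags pre-release suffixes.
_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)([a-z]*)(-(?:beta|dev|pre)\w*)?")


def parse_openssl_version(text):
    """Return ((major, minor, fix), patch_letters) from a version string."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % text)
    if m.group(5):
        # Pre-release builds are not classified by this example.
        raise ValueError("pre-release build %r: check it by hand" % m.group(0))
    base = tuple(int(m.group(i)) for i in (1, 2, 3))
    return base, m.group(4)


def heartbleed_affected(text):
    """True if the release version falls in 1.0.1 .. 1.0.1f inclusive.

    Caveat: distributions may backport the fix without changing the
    version letter, so True on a packaged build means "verify the
    package changelog", not a confirmed finding.
    """
    base, letters = parse_openssl_version(text)
    if base != AFFECTED_BASE:
        return False
    return len(letters) <= 1 and letters <= LAST_AFFECTED_LETTER


if __name__ == "__main__":
    # Constructed samples; the last two are the versions quoted in the thread.
    for sample in ("OpenSSL 1.0.1e 11 Feb 2013", "1.0.1g", "1.0.0d", "0.8.9d"):
        print(sample, "->", heartbleed_affected(sample))
```
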

10 Replies
Employee

Re: HeartBleed Open SSL Vulnerability

Hi Scott,

We do not use OpenSSL in our code. OpenSSL is geared more toward Apache.

Bill

Not applicable

Re: Re: HeartBleed Open SSL Vulnerability

I understand that it is not in QlikView according to the third party license terms, but is in Expressor and therefore potentially in the Governance Dashboard?

QlikView 3rd party license terms - http://www.qlik.com/~/media/files/info/license-terms-third-party/third-party-license-terms.ashx

Employee

Re: Re: HeartBleed Open SSL Vulnerability


Hi,

OpenSSL is used for SSL and web traffic. Expressor is an application and not a webserver. Also, Qlik uses Microsoft products that, unless you are running a Windows version of Apache, are not affected, according to Microsoft.

Employee

Re: HeartBleed Open SSL Vulnerability

Hi,

I have been told the Expressor team is looking at their product to make sure I am correct.

Bill

Not applicable

Re: HeartBleed Open SSL Vulnerability

Can anyone provide any links on the QlikView site or a link to something that says QlikView is "safe" from heartbleed? I need to provide documentation that shows it is - some kind of reference. I have been unable to find anything other than this thread.

Thank you,

Employee

Re: HeartBleed Open SSL Vulnerability

Hi Richard,

I am a DSE with QlikView and was the one that went to our security team to get the information. I will see if I can't get someone to put an official statement on the Qlik Site.

Bill

Not applicable

Re: HeartBleed Open SSL Vulnerability

Thank you Bill, that would be very helpful.
