Qlik Community

Security & Governance

Discussion board where members can learn more about Qlik Sense deployments which are governed and self-service.

Announcements
Coming Aug. 9: New Simplified Authoring for Qlik Sense SaaS – For Details, CLICK HERE
cancel
Showing results for 
Search instead for 
Did you mean: 
Balledaa
Contributor
Contributor

Windows SMB Denial of Service Vulnerability

Our Administrator team has Discovered the use of Microsoft Server Message Block 1.0 (SMBv1) protocol on the server which is against security baseline and is deem as  non-compliance and poses a high risk of vulnerability. The vulnerability can allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability".

Their recommendation is to disable the protocol on the server to remediate the issue. 

Can anyone please help me to know more details about the impact this vulnerability can cause to QlikView systems and what actions should be taken.

 

Labels (1)
1 Solution

Accepted Solutions
Albert_Candelario

Hello @Balledaa ,

In QlikSense SMB3 is tested and can be used as it is mentioned Persistence ‒ Qlik Sense for administrators.

SMB1 is a quite old protocol, do you have a test machine were your file server admin can disable SM, so you could check is not impacting your QlikView environment.

As per the information on CVE-2017-0280 - Security Update Guide - Microsoft - Windows SMB Denial of Service Vulnerability seems the topic is more related to the server itself and Microsoft itself delivered a fix back in 2017 May 9, 2017—KB4019472 (OS Build 14393.1198) (microsoft.com) so as long as your OS is updated should be fine.

I hope this helps.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer

View solution in original post

3 Replies
Maria_Halley
Support
Support

@Balledaa

 

What product are you using? And what version. 

Balledaa
Contributor
Contributor
Author

Hello Maria,

Balledaa_0-1651737835127.png

We are using the above two products.

Albert_Candelario

Hello @Balledaa ,

In QlikSense SMB3 is tested and can be used as it is mentioned Persistence ‒ Qlik Sense for administrators.

SMB1 is a quite old protocol, do you have a test machine were your file server admin can disable SM, so you could check is not impacting your QlikView environment.

As per the information on CVE-2017-0280 - Security Update Guide - Microsoft - Windows SMB Denial of Service Vulnerability seems the topic is more related to the server itself and Microsoft itself delivered a fix back in 2017 May 9, 2017—KB4019472 (OS Build 14393.1198) (microsoft.com) so as long as your OS is updated should be fine.

I hope this helps.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer