Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Greetings!
I just saw this article about a supposed ransomware security risk in QliK Sense and would like to receive instructions on what to do (if true):
https://www.arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/
Customers are asking us about it, but I can't find anything related to this issue in the community. Please advise and referer to @diagonjope in your note, so that I can get a notification.
Cheers,
++José
Hello all, @diagonjope @daveatkins
Thanks for posting here.
As it is also explained on https://www.arcticwolf.com/resources/blog/cve-2023-41265-cve-2023-41266-cve-2023-48365/ these vulnerabilities were already mentioned some time ago, we strongly recommend to stay on the mentioned patches or newest ones, as newest ones will have those fixes plus more fixes included as patches are cumulative as per the release notes.
Furthermore, I strongly recommend you to subscribe to our Support Blog so next time you do not miss such communications and other relevant ones about Qlik products.
https://community.qlik.com/t5/Support-Updates/bg-p/qlik-support-updates-blog
Cheers,
Albert
@w7 : "All prior versions of Qlik Sense Enterprise on Windows are affected, including releases such as May 2022, February 2022, and earlier."
From the article:
This issue only impacts Qlik Sense Enterprise for Windows. Other Qlik products including Qlik Cloud and QlikView are NOT impacted.
we patched our servers earlier this year; can someone from Qlik please link/list the appropriate patch levels here again?
Hello all, @diagonjope @daveatkins
Thanks for posting here.
As it is also explained on https://www.arcticwolf.com/resources/blog/cve-2023-41265-cve-2023-41266-cve-2023-48365/ these vulnerabilities were already mentioned some time ago, we strongly recommend to stay on the mentioned patches or newest ones, as newest ones will have those fixes plus more fixes included as patches are cumulative as per the release notes.
Furthermore, I strongly recommend you to subscribe to our Support Blog so next time you do not miss such communications and other relevant ones about Qlik products.
https://community.qlik.com/t5/Support-Updates/bg-p/qlik-support-updates-blog
Cheers,
Albert
Thank you, @Albert_Candelario !
Is this version affected? It is not listed?
13.82.4 20200717
Hello @w7,
Thanks for posting.
Could you confirm the version by naming the "Month" "Year" and patch that you use?
Thanks in advance.
Cheers,
Albert
Version = 13.82.4
YYYYMMDD
Year = 2020
Month = 07
@w7 : "All prior versions of Qlik Sense Enterprise on Windows are affected, including releases such as May 2022, February 2022, and earlier."
Thanks, please upgrade to version that does include the fix.
Cheers,
Albert
@Albert_Candelario We are using Qlik Cloud in our organization. Has the cactus ransomware issue affected the cloud version as well? If so, has there been any patches applied to prevent this issue?