Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Woohoo! Qlik Community has won “Best in Class Community” in the 2024 Khoros Kudos awards!
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
diagonjope
Partner - Creator III
Partner - Creator III
‎2023-11-30 11:01 AM

"Qlik Sense Exploited in Cactus Ransomware Campaign": Is this true? Does Qlik have any security updates to deal with this?

Greetings!

I just saw this article about a supposed ransomware security risk in QliK Sense and would like to receive instructions on what to do (if true):

https://www.arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/

Customers are asking us about it, but I can't find anything related to this issue in the community.  Please advise and referer to @diagonjope in your note, so that I can get a notification.

Cheers,

++José

Labels (2)
Labels
1 user say ditto
3,995 Views
3 Solutions

Accepted Solutions
Albert_Candelario
Support
Support
‎2023-11-30 04:20 PM

In response to daveatkins

Hello all, @diagonjope  @daveatkins 

Thanks for posting here.

As it is also explained on https://www.arcticwolf.com/resources/blog/cve-2023-41265-cve-2023-41266-cve-2023-48365/ these vulnerabilities were already mentioned some time ago, we strongly recommend to stay on the mentioned patches or newest ones, as newest ones will have those fixes plus more fixes included as patches are cumulative as per the release notes.

Furthermore,  I strongly recommend you to subscribe to our Support Blog so next time you do not miss such communications and other relevant ones about Qlik products.

https://community.qlik.com/t5/Support-Updates/bg-p/qlik-support-updates-blog

https://community.qlik.com/t5/Support-Updates/Qlik-Sense-Enterprise-for-Windows-New-Security-Patches...

https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enter...

Cheers,

Albert

 

Please, remember to mark the thread as solved once getting the correct answer

View solution in original post

3,688 Views
David_Friend
Support
Support
‎2024-05-01 09:15 AM

@w7 : "All prior versions of Qlik Sense Enterprise on Windows are affected, including releases such as May 2022, February 2022, and earlier."

View solution in original post

1,496 Views
David_Friend
Support
Support
‎2024-05-02 02:56 PM

From the article:


This issue only impacts Qlik Sense Enterprise for Windows. Other Qlik products including Qlik Cloud and QlikView are NOT impacted.

View solution in original post

1,357 Views
10 Replies
daveatkins
Partner - Creator III
Partner - Creator III
‎2023-11-30 12:42 PM

we patched our servers earlier this year; can someone from Qlik please link/list the appropriate patch levels here again?

3,705 Views
0 Likes
Albert_Candelario
Support
Support
‎2023-11-30 04:20 PM

In response to daveatkins

Hello all, @diagonjope  @daveatkins 

Thanks for posting here.

As it is also explained on https://www.arcticwolf.com/resources/blog/cve-2023-41265-cve-2023-41266-cve-2023-48365/ these vulnerabilities were already mentioned some time ago, we strongly recommend to stay on the mentioned patches or newest ones, as newest ones will have those fixes plus more fixes included as patches are cumulative as per the release notes.

Furthermore,  I strongly recommend you to subscribe to our Support Blog so next time you do not miss such communications and other relevant ones about Qlik products.

https://community.qlik.com/t5/Support-Updates/bg-p/qlik-support-updates-blog

https://community.qlik.com/t5/Support-Updates/Qlik-Sense-Enterprise-for-Windows-New-Security-Patches...

https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enter...

Cheers,

Albert

 

Please, remember to mark the thread as solved once getting the correct answer
3,689 Views
diagonjope
Partner - Creator III
Partner - Creator III
‎2023-11-30 07:54 PM
Author

Thank you, @Albert_Candelario !

3,668 Views
w7
Contributor
Contributor
‎2024-04-29 11:59 AM

Is this version affected? It is not listed?

13.82.4 20200717

 

1,626 Views
0 Likes
Albert_Candelario
Support
Support
‎2024-05-01 07:27 AM

In response to w7

Hello @w7,

Thanks for posting.

Could you confirm the version by naming the "Month" "Year" and patch that you use?

Thanks in advance.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer
1,526 Views
0 Likes
w7
Contributor
Contributor
‎2024-05-01 08:19 AM

Version = 13.82.4

YYYYMMDD

Year = 2020

Month = 07

 

1,506 Views
0 Likes
David_Friend
Support
Support
‎2024-05-01 09:15 AM

@w7 : "All prior versions of Qlik Sense Enterprise on Windows are affected, including releases such as May 2022, February 2022, and earlier."

1,497 Views
Albert_Candelario
Support
Support
‎2024-05-02 04:49 AM

In response to w7

Thanks, please upgrade to version that does include the fix.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer
1,448 Views
0 Likes
SudharshanK
Creator
Creator
‎2024-05-02 02:53 PM

@Albert_Candelario  We are using Qlik Cloud in our organization. Has the cactus ransomware issue affected the cloud version as well? If so, has there been any patches applied to prevent this issue?

1,417 Views
0 Likes