Katie_Davis
Digital Support

Qlik is aware that a set of well-publicized vulnerabilities has been identified in the popular Java Spring Framework. These vulnerabilities have been assigned the references CVE-2022-22965 (also known as "Spring4Shell"), CVE-2022-22947, CVE-2022-22950 and CVE-2022-22963.

 

Qlik has been diligently reviewing our product suite since we became aware of these issues. We want to assure Qlik users that your security is our utmost priority. As always, we recommend that customers stay up to date on the most recent releases available for their product.

 

Products Not Impacted 

The following products are NOT affected: 

  • Qlik Cloud 
  • Client-Managed Qlik Sense Enterprise and QlikView (all versions) 
  • GeoAnalytics (all versions) 
  • Qlik Compose (all versions) 
  • Qlik Compose for Data Lakes (all versions) 
  • Qlik Compose for Data Warehouses (all versions) 
  • Qlik Enterprise Manager (all versions) 
  • Qlik NPrinting
  • Qlik Replicate (all versions) ** 

** Qlik Replicate contains libraries that contain the affected code, but they are not used in a way that is exploitable. These will be removed in an upcoming patch.

 
Products Impacted 

Our testing shows that only client-managed versions of Qlik Catalog are directly impacted (by CVE-2022-22965 and CVE-2022-22950). A patch will be available as Feb 2022 SR2 and for the May 2022 release. Mitigation steps for earlier releases are linked in this knowledge base article.

 

Update 4/04/2022 8:15 p.m. EST

Qlik Catalog Feb 2022 SR2 is now available on the Downloads Site. Please make sure you are logged in to Qlik Community with your Qlik ID to access it.

 

 

Please subscribe to our Support Updates blog for continued updates as they become available. 

Thank you for choosing Qlik,  

Qlik Global Support 
