Sonja_Bauernfeind
Digital Support

Edited 20th of May 2024: Added recently assigned CVE number.
Edited 22nd of May 2024: Added to the Frequently Asked Questions.

 

Hello Qlik Users,

A security issue in Qlik Sense Enterprise for Windows has been identified, and patches have been made available. Details can be found in Security Bulletin High Severity Security fixes for Qlik Sense Enterprise for Windows (CVE-2024-36077).

Today, we have released eight service releases across the latest versions of Qlik Sense to patch the reported issue. All versions of Qlik Sense Enterprise for Windows prior to and including these releases are impacted:

  • February 2024 Patch 3 
  • November 2023 Patch 8 
  • August 2023 Patch 13 
  • May 2023 Patch 15 
  • February 2023 Patch 13 
  • November 2022 Patch 13 
  • August 2022 Patch 16 
  • May 2022 Patch 17

 

No workarounds can be provided. Customers should upgrade Qlik Sense Enterprise for Windows to a version containing fixes for these issues. May 2024 IR, released on the 14th of May, contains the fix as well. The versions containing the fix are:

  • May 2024 Initial Release 
  • February 2024 Patch 4 
  • November 2023 Patch 9 
  • August 2023 Patch 14 
  • May 2023 Patch 16 
  • February 2023 Patch 14 
  • November 2022 Patch 14 
  • August 2022 Patch 17 
  • May 2022 Patch 18

This issue only impacts Qlik Sense Enterprise for Windows. Other Qlik products including Qlik Cloud and QlikView are NOT impacted.

All Qlik software can be downloaded from our official Qlik Download page (customer login required). Follow best practices when upgrading Qlik Sense.

The information in this post and Security Bulletin High Severity Security fixes for Qlik Sense Enterprise for Windows (CVE-2024-36077) are disclosed in accordance with our published Security and Vulnerability Policy.

 

Frequently Asked Questions

Q: What steps can be used to reproduce the vulnerability?
A: Qlik will not be providing steps on how to reproduce this test case.

Q: What authentication method is affected?
A: Qlik strongly recommends moving to a patched version as per the bulletin, regardless of the authentication method used.

Q: Will Qlik Sense February 2022 or earlier be patched?
A: See the Qlik Sense Enterprise on Windows Product Lifecycle (link) for information on which versions of Qlik Sense have reached End of Service (EOS). Versions which have reached EOS will not receive patches, and Qlik strongly recommends moving to an up-to-date release.

 

The Security Notice label is used to notify customers about security patches and upgrades that require a customer’s action. Please subscribe to the ‘Security Notice’ label to be notified of future updates. 

 

Thank you for choosing Qlik,

Qlik Global Support

36 Comments
mbespartochnyy
Creator III

I second @jeremyseipel's comment. Seeing others bring up potential issues while upgrading and knowing how those issues can be avoided or fixed can help others to more successfully go through an upgrade process.

A good solution might be to create a post on the support blog, as suggested, and then make a comment here with a link to the blog post so that others would have visibility to issues and then follow the support blog post to offer and find solutions there.

In any case, thanks for putting together this support update! It's good to be aware of critical updates like this one.

576 Views
eyalnir_qlik
Partner - Creator

Hi @Sonja_Bauernfeind 

We get repeated questions regarding CVE security fixes from customers who are running an offline environment (i.e., not connected to the internet). Is it still susceptible to these vulnerabilities?

I strongly recommend applying the security patches or upgrading to a secure version of Qlik Sense Enterprise for Windows. I didn't find any feedback in any related articles for the CVE, or any declaration from Qlik.

What are your recommendations?

Many thanks for your feedback

0 Likes
384 Views
Sonja_Bauernfeind
Digital Support

Hello @eyalnir_qlik 

Qlik advises an upgrade.

All the best,
Sonja 

357 Views
Sivapriya_d
Creator

Hi @Sonja_Bauernfeind ,

We are planning to do an upgrade on our platform. Will the vulnerabilities not be fixed if we install the Feb 2024 latest patch (Patch 7) instead of Patch 4, or the May 2024 latest patch (Patch 3) instead of the initial release?

Can you please advise?

Thanks,
Sivapriya

0 Likes
326 Views
p_verkooijen
Partner - Specialist

@Sivapriya_d as long as you install a patch higher than the impacted version you will be fine.

 

All versions of Qlik Sense Enterprise for Windows prior to and including these releases are impacted:

  • February 2024 Patch 3 
  • November 2023 Patch 8 
  • August 2023 Patch 13 
  • May 2023 Patch 15 
  • February 2023 Patch 13 
  • November 2022 Patch 13 
  • August 2022 Patch 16 
  • May 2022 Patch 17

0 Likes
273 Views
Sonja_Bauernfeind
Digital Support

Hello @Sivapriya_d 

As mentioned by @p_verkooijen (thank you!), February 2024 Patch 7 includes the fix. 

All the best,
Sonja 

0 Likes
158 Views
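
The impacted and fixed release lists in the notice, and the question in the comments about installing a later patch than the one listed, both reduce to a per-track patch comparison. The following is an added example (not Qlik's code) that classifies release labels from an inventory; the host names are constructed, and it assumes that later patches on a track keep the fix, as the replies above state for February 2024 Patch 7.

```python
import re

# Last impacted patch per release track, from the notice; the fix is in the next patch.
LAST_IMPACTED = {
    (2022, 5): 17, (2022, 8): 16, (2022, 11): 13, (2023, 2): 13,
    (2023, 5): 15, (2023, 8): 13, (2023, 11): 8, (2024, 2): 3,
}
FIXED_AT_IR = (2024, 5)  # May 2024 Initial Release already contains the fix
MONTHS = ("january february march april may june july august "
          "september october november december").split()
LABEL = re.compile(
    r"^\s*([A-Za-z]+)\s+(\d{4})(?:\s+(?:patch\s*(\d+)|initial\s+release|ir))?\s*$",
    re.IGNORECASE)

def parse_release(label):
    """'Feb 2024 Patch 7' -> ((2024, 2), 7); IR or no suffix counts as patch 0."""
    m = LABEL.match(label)
    word = m.group(1).lower() if m else ""
    month = next((i + 1 for i, name in enumerate(MONTHS)
                  if len(word) >= 3 and name.startswith(word)), None)
    if month is None:
        raise ValueError(f"unrecognised release label: {label!r}")
    return (int(m.group(2)), month), int(m.group(3) or 0)

def first_fixed_patch(label):
    """First patch on this track that has the fix, or None if the notice lists none."""
    track, _ = parse_release(label)
    if track == FIXED_AT_IR:
        return 0
    return LAST_IMPACTED[track] + 1 if track in LAST_IMPACTED else None

def classify(label):
    track, patch = parse_release(label)
    fixed_from = first_fixed_patch(label)
    if fixed_from is not None:
        # Assumption: patches after the first fixed one keep the fix.
        return "fixed" if patch >= fixed_from else "impacted"
    if track < min(LAST_IMPACTED):
        return "impacted-no-listed-fix"  # older track: check the lifecycle page
    return "not-listed"                  # track not covered by the notice

if __name__ == "__main__":
    # Constructed inventory; host names are hypothetical.
    inventory = {"qs-prod-01": "February 2024 Patch 3", "qs-test-01": "Feb 2024 Patch 7",
                 "qs-dev-01": "May 2024 IR", "qs-old-01": "November 2021 Patch 4"}
    for host, label in inventory.items():
        print(f"{host:12} {label:24} {classify(label)}")
```

A label that cannot be parsed raises `ValueError` rather than being reported as fixed, so an unexpected inventory format is surfaced for manual review.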