Update 21st of March 16:00 CET: published CVE number
Update 27th of March 10:45 CET: added FAQ
Hello Qlik Users,
A security issue in QlikView has been identified and patches have been made available. Details can be found in the Security Bulletin High Severity Security fix for QlikView (CVE-2024-29863).
Today, 20th of March 2024, we have released two service releases across the latest versions of QlikView to patch the reported issue. All versions of QlikView prior to and including the releases below are impacted:
- QlikView May 2023 SR1 (12.80.20100)
- QlikView May 2022 SR2 (12.70.20200)
Call to Action
As no workarounds can be provided, Customers should upgrade QlikView to one of the following versions that contain the fix:
- QlikView May 2023 SR2 (12.80.20200)
- QlikView May 2022 SR3 (12.70.20300)
This issue only impacts QlikView. Other Qlik data analytics products including Qlik Cloud and Qlik Sense Enterprise on Windows are not impacted.
Additional Details
The Security Notice label is used to notify customers about security patches and upgrades that require a customer’s action. Please subscribe to the ‘Security Notice’ label to be notified of future updates.
Frequently Asked Questions
Q: Is the vulnerability present in the QlikView Plugin or other QlikView products?
A: The vulnerability is related to the MSI files on disk.
Q: Will deleting the MSI files mitigate the issue?
A: Qlik does not consider removing the MSI files a complete workaround. A server user can restore them.