Sonja_Bauernfeind
Digital Support

Update 21st of March 16:00 CET: published CVE number
Update 27th of March 10:45 CET: added FAQ

Hello Qlik Users,

A security issue in QlikView has been identified and patches have been made available. Details can be found in the Security Bulletin High Severity Security fix for QlikView (CVE-2024-29863).

Today, 20th of March 2024, we have released two service releases across the latest versions of QlikView to patch the reported issue. All versions of QlikView prior to and including the releases below are impacted:

  • QlikView May 2023 SR1 (12.80.20100)
  • QlikView May 2022 SR2 (12.70.20200)

Call to Action

As no workarounds can be provided, Customers should upgrade QlikView to one of the following versions that contain the fix:

  • QlikView May 2023 SR2 (12.80.20200)
  • QlikView May 2022 SR3 (12.70.20300)

This issue only impacts QlikView. Other Qlik data analytics products including Qlik Cloud and Qlik Sense Enterprise on Windows are not impacted.

Additional Details


The Security Notice label is used to notify customers about security patches and upgrades that require a customer’s action. Please subscribe to the ‘Security Notice’ label to be notified of future updates. 

Frequently Asked Questions

Q: Is the vulnerability present in the QlikView Plugin or other QlikView products? 
A: The vulnerability is related to the MSI files on disk.

Q: Will deleting the MSI files mitigate the issue?
A: Qlik does not consider removing the MSI files a complete workaround. A server user can restore them.
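
The check below is an added example, not code from Qlik or from this notice. It triages an inventory of QlikView build numbers against the fixed builds listed under "Call to Action", comparing per release track so that May 2022 SR3 (12.70.20300) is not flagged merely because it is numerically lower than 12.80.20100. The host names, the sample inventory and the `not-covered` status for tracks newer than 12.80 are assumptions made for illustration.

```python
import re

# Track (major, minor) -> first build on that track containing the fix,
# taken from the "Call to Action" list in this notice.
FIXED_BUILDS = {(12, 70): 20300, (12, 80): 20200}
NEWEST_TRACK = max(FIXED_BUILDS)

def parse_build(text):
    """Return (major, minor, build), or None if text is not a build number."""
    # Assumed format: "12.80.20100", optionally with a fourth component.
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s*", text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(text):
    """Return 'fixed', 'affected', 'not-covered' or 'unparseable'."""
    parsed = parse_build(text)
    if parsed is None:
        return "unparseable"          # needs a manual look, never assume safe
    major, minor, build = parsed
    track = (major, minor)
    if track in FIXED_BUILDS:
        return "fixed" if build >= FIXED_BUILDS[track] else "affected"
    if track > NEWEST_TRACK:
        return "not-covered"          # newer than anything the notice lists
    # Older tracks have no fixed build listed: the notice says all versions
    # prior to the listed releases are impacted, so an upgrade is required.
    return "affected"

def triage(inventory):
    """Return (host -> status, sorted list of hosts that must be upgraded)."""
    status = {host: classify(build) for host, build in inventory.items()}
    needs_upgrade = sorted(h for h, s in status.items() if s == "affected")
    return status, needs_upgrade

# Constructed inventory with hypothetical host names (not data from the notice).
SAMPLE_INVENTORY = {
    "qv-prod-01": "12.80.20100",   # May 2023 SR1
    "qv-prod-02": "12.80.20200",   # May 2023 SR2
    "qv-test-01": "12.70.20300",   # May 2022 SR3
    "qv-test-02": "12.70.20200",   # May 2022 SR2
    "qv-legacy": "12.60.20000",    # constructed build on an older track
    "qv-desk-07": "unknown",       # inventory gap
}

if __name__ == "__main__":
    status, needs_upgrade = triage(SAMPLE_INVENTORY)
    for host, state in sorted(status.items()):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:12} {state}")
    print("upgrade required:", ", ".join(needs_upgrade))
```
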

44 Comments
sis
Partner - Specialist

@Sonja_Bauernfeind 

Has there been any progress in investigating my question?
I would be grateful if you could tell me the status of the survey.

Thank you in advance.

1,250 Views
Sonja_Bauernfeind
Digital Support

Hello @sis 

I will update you as soon as I've received the pending information.

All the best,
Sonja 

1,182 Views
m_teraji
Partner - Contributor III

Hello @Sonja_Bauernfeind 

The May 2023 SR2 MSI file (IE Plugin) is on the disk (local folder or file server).
Is it okay if the MSI file is located anywhere?

I am installing the IE plugin by extracting the MSI file from the QvPluginSetup.exe file.

Best regards,
mteraji

1,094 Views
Sonja_Bauernfeind
Digital Support

Hello @m_teraji 

As mentioned in the original bulletin, moving or removing the MSI files is not considered a suitable mitigation method.

All the best,
Sonja

1,071 Views
m_teraji
Partner - Contributor III

Hello @Sonja_Bauernfeind 

Thank you for your reply.

I installed the IE plugin by extracting the MSI file from the QvPluginSetup.exe file. (Silent Installation)
The version is May2023SR2.
I understand that this issue has been resolved in the May2023SR2 release.
Does it matter which folder the MSI of the fixed version May2023SR2 is located in?

Best regards,
mteraji

1,026 Views
Sonja_Bauernfeind
Digital Support

Hello @m_teraji 

The location of the file does not need to be taken into account. As you are on a fixed version, you are not affected by the vulnerability. 

My apologies for missing the version you mentioned in your first post!

All the best,
Sonja 

991 Views
manjunathngnvs
Contributor

This is about Qlik Sense Enterprise for Windows Remote Code Execution (RCE) Vulnerability (Authenticated) - CVE-2023-48365, there is one asset detected with this vulnerability and per the below advisory there is no download page available in the download link, please advise

Customers should upgrade Qlik Sense Enterprise for Windows to a version containing fixes for these issues. Fixes are available for the following versions: 

  • August 2023 Initial Release 
  • May 2023 Patch 4 
  • February 2023 Patch 8 
  • November 2022 Patch 11 
  • August 2022 Patch 13 

All Qlik software can be downloaded from our official Qlik Download page (customer login required).

889 Views
Sonja_Bauernfeind
Digital Support

Hello @manjunathngnvs 

If you see problems accessing the download page, please contact our support agents through chat (the green Chat Now button in the bottom right corner of the screen). Provide them with information on what issue you are facing accessing the page (any error messages or a screenshot).

All the best,
Sonja 

803 Views
manjunathngnvs
Contributor

Thank you for your advice. I got the below answer from the chat bot and found the link to download.

To download Qlik Sense Enterprise, you can visit the Qlik Download Site. Here are the steps to download the installation files:

  • Go to the Qlik Community website.
  • Navigate to Support > Product News > Product Downloads.
  • On the Product Downloads page, select "Qlik Data Analytics" or "Qlik Data Integration" based on your requirements.
  • Choose the desired product from the available options.
  • Use the filters to narrow down your list of possible downloads.
  • Click on the download link in the Download Assets table to start the download.

Please note that the specific version and release of Qlik Sense Enterprise may vary. Make sure to select the appropriate version that suits your needs.

766 Views
Saltenis
Contributor

@Sonja_Bauernfeind 

It's been a month since you forwarded our questions to the responsible team. Do we have any ETA on this?

612 Views