An issue exists in QlikView Server prior to 11.20 SR19, 12.00 and 12.10 prior to 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3, June 2018 Patch 3, September 2018 Patch 4, November 2018 Patch 4, or February 2019 Patch 2. An authenticated user may be able to bypass intended file-read restrictions via crafted Browser requests.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
qlik qlikview server 12.30 |
||
qlik qlikview server 11.20 |
||
qlik qlikview server 12.10 |
||
qlik qlikview server 12.20 |
||
qlik qlikview server 12.00 |
||
qlik qlik sense september_2017 |
||
qlik qlik sense february_2018 |
||
qlik qlik analytics september_2017 |
||
qlik qlik analytics february_2018 |
||
qlik qlik sense february_2019 |
||
qlik qlik sense september_2018 |
||
qlik qlik sense november_2018 |
||
qlik qlik sense april_2018 |
||
qlik qlik sense june_2018 |
||
qlik qlik analytics february_2019 |
||
qlik qlik analytics september_2018 |
||
qlik qlik analytics november_2018 |
||
qlik qlik analytics april_2018 |
||
qlik qlik sense november_2017 |
||
qlik qlik sense june_2017 |
||
qlik qlik analytics november_2017 |
||
qlik qlik analytics june_2017 |
||
qlik qlik analytics june_2018 |
Vulmon