Security vulnerability Qlik Sense Enterprise on Windows
Update May 17, 2024
A new security vulnerability, "Privilege escalation for authenticated/anonymous user", has been discovered. Under the CVSS v3.1 scoring system it is rated High: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, 8.8 (High).
Description of the security vulnerability in Qlik
Due to improper input validation, a remote attacker with existing privileges can elevate them to the internal system role, which in turn allows them to execute commands on the server.
Which versions are affected?
All versions of Qlik Sense Enterprise on Windows, including the releases below, are affected by the security vulnerability:
- February 2024 Patch 3
- November 2023 Patch 8
- August 2023 Patch 13
- May 2023 Patch 15
- February 2023 Patch 13
- November 2022 Patch 13
- August 2022 Patch 16
- May 2022 Patch 17
Our advice for fixing the security hole in Qlik
Check
First, verify that your Qlik environment matches the list of versions below. If your Qlik Sense environment is open to outside access, close this access immediately.
Install
Next, install the patch provided by Qlik. In cooperation with Active Professionals, we have opened a page where the patch can be downloaded: https://active-professionals.nl/download/qlik/.
Upgrading
Upgrade your Qlik Sense Enterprise On Windows environment to one of the versions below. These upgrades include the fixes for the security vulnerability:
- May 2024 Initial Release
- February 2024 Patch 4
- November 2023 Patch 9
- August 2023 Patch 14
- May 2023 Patch 16
- February 2023 Patch 14
- November 2022 Patch 14
- August 2022 Patch 17
- May 2022 Patch 18
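To triage several servers against the lists above, the following added example (not code from Qlik or from this page) compares an installed release label with the fixed patch level of its release track. It assumes labels are written as on this page ("August 2023 Patch 13"), that releases newer than May 2024 carry the fix, and it uses constructed host names.

```python
import re

# Minimum fixed patch per release track, copied from the advisory's upgrade
# list. Patch 0 stands for "Initial Release".
FIXED_PATCH = {
    (2024, 5): 0, (2024, 2): 4, (2023, 11): 9, (2023, 8): 14, (2023, 5): 16,
    (2023, 2): 14, (2022, 11): 14, (2022, 8): 17, (2022, 5): 18,
}
MONTHS = ["january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"]
LABEL_RE = re.compile(
    r"^\s*([A-Za-z]+)\s+(\d{4})(?:\s+(?:patch\s+(\d+)|initial\s+release))?\s*$",
    re.IGNORECASE)


def parse_label(label):
    """Turn 'August 2023 Patch 13' into ((2023, 8), 13)."""
    m = LABEL_RE.match(label)
    if not m or m.group(1).lower() not in MONTHS:
        raise ValueError(f"unrecognised release label: {label!r}")
    month = MONTHS.index(m.group(1).lower()) + 1
    return (int(m.group(2)), month), int(m.group(3) or 0)


def assess(label):
    """Return (status, action) for one installed release label."""
    track, patch = parse_label(label)
    if track in FIXED_PATCH:
        needed = FIXED_PATCH[track]
        if patch >= needed:
            return "fixed", "none"
        return "affected", f"install Patch {needed} or later on this track"
    if track > max(FIXED_PATCH):
        # Assumption: tracks released after May 2024 carry the fix.
        return "fixed", "none"
    # Older than May 2022: the advisory lists no fixed patch for the track.
    return "affected", "upgrade to a release listed in the advisory"


if __name__ == "__main__":
    # Constructed inventory; host names are placeholders.
    inventory = {"qlik-prod": "February 2024 Patch 3",
                 "qlik-test": "May 2024 Initial Release",
                 "qlik-old": "November 2021 Patch 12"}
    for host, label in inventory.items():
        print(host, label, *assess(label), sep=" | ")
```
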
Always stay up-to-date
Of course, we can also take care of the update for you; this costs only €450. Please contact us and we will schedule a convenient time with you as soon as possible.
If you no longer want to handle updates of your Qlik Sense Enterprise on Windows environment yourself, choose the Update Subscription. Qlik makes a major (functional) update available twice a year. For €650,- per year we make sure your environment is always running on the latest version. The subscription also covers critical updates such as the one for the above security vulnerability. Contact us for more information.



