{"id":4595,"date":"2024-05-17T16:33:39","date_gmt":"2024-05-17T14:33:39","guid":{"rendered":"https:\/\/www.2foqus.nl\/?p=4595"},"modified":"2024-12-05T10:36:45","modified_gmt":"2024-12-05T09:36:45","slug":"beveiligingslek-qlik-sense-enterprise-on-windows","status":"publish","type":"post","link":"https:\/\/cmotions.com\/en\/security-breach-qlik-sense-enterprise-on-windows\/","title":{"rendered":"Security vulnerability Qlik Sense Enterprise on Windows"},"content":{"rendered":"<p>[et_pb_section fb_built=\"1\u2033 admin_label=\"section\" _builder_version=\"4.25.1\u2033 background_color=\"#000000\u2033 global_colors_info=\"{}\"][et_pb_row admin_label=\"row\" _builder_version=\"4.25.1\u2033 background_color=\"#000000\u2033 background_size=\"initial\" background_position=\"top_left\" background_repeat=\"repeat\" width=\"100%\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\u2033 _builder_version=\"4.16\u2033 custom_padding=\"|||\" global_colors_info=\"{}\" custom_padding__hover=\"|||\"][et_pb_text _builder_version=\"4.25.1\u2033 _module_preset=\"default\" header_text_color=\"#FFFFFF\" header_font_size=\"42px\" header_2_text_color=\"#FFFFFF\" global_colors_info=\"{}\"]<\/p>\n<h1>Security vulnerability Qlik Sense Enterprise on Windows<\/h1>\n<p><em>Update May 17, 2024<\/em><\/p>\n<p>A new security vulnerability \"Privilege escalation for authenticated\/anonymous user\" has been discovered. 
The <a href=\"https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\" target=\"_blank\" rel=\"noopener\">scoring system CVSS V3.1<\/a>\u00a0rates this as High: CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H, 8.8 (High).<\/p>\n<h2>Description of the security vulnerability in Qlik<\/h2>\n<p><em>Due to improper input validation, a remote attacker with existing privileges can elevate them to the internal system role, which in turn allows them to execute commands on the server.\u00a0<\/em><\/p>\n<h2>Which versions are affected?<\/h2>\n<p><em>All<\/em> versions of Qlik Sense Enterprise On Windows - including the releases below - are affected by the security vulnerability:<\/p>\n<ul>\n<li>February 2024 Patch 3<\/li>\n<li>November 2023 Patch 8<\/li>\n<li>August 2023 Patch 13<\/li>\n<li>May 2023 Patch 15<\/li>\n<li>February 2023 Patch 13<\/li>\n<li>November 2022 Patch 13<\/li>\n<li>August 2022 Patch 16<\/li>\n<li>May 2022 Patch 17<\/li>\n<\/ul>\n<h2>Our advice for fixing the security hole in Qlik<\/h2>\n<p>[\/et_pb_text][et_pb_blurb title=\"Checking\" use_icon=\"on\" font_icon=\"\uf14a||fa|||900\u2033 icon_placement=\"left\" content_max_width=\"100%\" _builder_version=\"4.25.1\u2033 _module_preset=\"default\" header_text_color=\"#FFFFFF\" global_colors_info=\"{}\"]<\/p>\n<p>First, verify that your Qlik environment matches the list of versions below. If your Qlik Sense environment is open to outside access, close this access immediately.<\/p>\n<p>[\/et_pb_blurb][et_pb_blurb title=\"Install\" use_icon=\"on\" font_icon=\"\uf14a||fa|||900\u2033 icon_placement=\"left\" content_max_width=\"100%\" _builder_version=\"4.25.1\u2033 _module_preset=\"default\" header_text_color=\"#FFFFFF\" global_colors_info=\"{}\"]<\/p>\n<p>Next, install the patch provided by Qlik. 
In cooperation with Active Professionals, we have opened a page where the patch can be downloaded: <a href=\"https:\/\/active-professionals.nl\/download\/qlik\/\" target=\"_blank\" rel=\"noopener\">https:\/\/active-professionals.nl\/download\/qlik\/<\/a>.<\/p>\n<p>[\/et_pb_blurb][et_pb_blurb title=\"Upgrade\" use_icon=\"on\" font_icon=\"\uf14a||fa||||900\u2033 icon_placement=\"left\" content_max_width=\"100%\" _builder_version=\"4.25.1\u2033 _module_preset=\"default\" header_text_color=\"#FFFFFF\" global_colors_info=\"{}\"]<\/p>\n<p>Upgrade your Qlik Sense Enterprise On Windows environment to one of the versions below. These upgrades include the fixes for the security vulnerability:<\/p>\n<ul>\n<li>May 2024 Initial Release<\/li>\n<li>February 2024 Patch 4<\/li>\n<li>November 2023 Patch 9<\/li>\n<li>August 2023 Patch 14<\/li>\n<li>May 2023 Patch 16<\/li>\n<li>February 2023 Patch 14<\/li>\n<li>November 2022 Patch 14<\/li>\n<li>August 2022 Patch 17<\/li>\n<li>May 2022 Patch 18<\/li>\n<\/ul>\n<p>[\/et_pb_blurb][et_pb_text _builder_version=\"4.25.1\u2033 _module_preset=\"default\" header_2_text_color=\"#FFFFFF\" global_colors_info=\"{}\"]<\/p>\n<h2>Always stay up-to-date<\/h2>\n<p>Of course, we can also take care of the update for you - this costs only \u20ac450. <a href=\"https:\/\/www.2foqus.nl\/contact\/\" target=\"_blank\" rel=\"noopener\">Please contact us<\/a> and we will schedule a convenient time with you as soon as possible.<\/p>\n<p>If you would rather not handle future updates of your Qlik Sense Enterprise on Windows environment yourself, choose the Update Subscription. Qlik makes a major (functional) update available twice a year. For \u20ac650,- per year we make sure your environment is always running on the latest version. The subscription also covers critical updates, such as the one for the above security vulnerability. 
<a href=\"https:\/\/www.2foqus.nl\/contact\/\" target=\"_blank\" rel=\"noopener\">Contact us for more information.<\/a><\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section].<\/p>","protected":false},"excerpt":{"rendered":"<p>Update May 17, 2024<\/p>\n<p>A new security vulnerability \"Privilege escalation for authenticated\/anonymous user\" has been discovered. The scoring system CVSS V3.1 rates this as High: CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H, 8.8 (High).<\/p>\n<p>Check here how to fix it.<\/p>","protected":false},"author":2,"featured_media":5947,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[29,24],"tags":[],"class_list":["post-4595","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-qlik","category-blog"],"_links":{"self":[{"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/posts\/4595","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/comments?post=4595"}],"version-history":[{"count":18,"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/posts\/4595\/revisions"}],"predecessor-version":[{"id":5099,"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/posts\/4595\/revisions\/5099"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/media\/5947"}],"wp:attachment":[{"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/media?parent=4595"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/categories?post=4595"},{"taxonomy
":"post_tag","embeddable":true,"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/tags?post=4595"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}