Lucene search

[email protected]CVE-2019-11628

HistoryMay 01, 2019 - 3:29 a.m.

CVE-2019-11628

2019-05-0103:29:00

CWE-917

[email protected]

web.nvd.nist.gov

cve-2019-11628

qlikview

qlik sense

authenticated user

file-read restrictions

security vulnerability

patch levels

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.6%

JSON

An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3, June 2018 Patch 3, September 2018 Patch 4, November 2018 Patch 4, or February 2019 Patch 2. An authenticated user may be able to bypass intended file-read restrictions via crafted Browser requests.

Affected configurations

NVD

Node

qlikqlikview_serverMatch11.20service_release_1

qlikqlikview_serverMatch11.20service_release_10

qlikqlikview_serverMatch11.20service_release_11

qlikqlikview_serverMatch11.20service_release_12

qlikqlikview_serverMatch11.20service_release_13

qlikqlikview_serverMatch11.20service_release_14

qlikqlikview_serverMatch11.20service_release_15

qlikqlikview_serverMatch11.20service_release_16

qlikqlikview_serverMatch11.20service_release_17

qlikqlikview_serverMatch11.20service_release_2

qlikqlikview_serverMatch11.20service_release_3

qlikqlikview_serverMatch11.20service_release_4

qlikqlikview_serverMatch11.20service_release_5

qlikqlikview_serverMatch11.20service_release_6

qlikqlikview_serverMatch11.20service_release_7

qlikqlikview_serverMatch11.20service_release_8

qlikqlikview_serverMatch11.20service_release_9

qlikqlikview_serverMatch12.00

qlikqlikview_serverMatch12.10service_release_1

qlikqlikview_serverMatch12.10service_release_2

qlikqlikview_serverMatch12.10service_release_3

qlikqlikview_serverMatch12.10service_release_4

qlikqlikview_serverMatch12.10service_release_5

qlikqlikview_serverMatch12.10service_release_6

qlikqlikview_serverMatch12.10service_release_7

qlikqlikview_serverMatch12.10service_release_8

qlikqlikview_serverMatch12.10service_release_9

qlikqlikview_serverMatch12.20service_release_1

qlikqlikview_serverMatch12.20service_release_2

qlikqlikview_serverMatch12.20service_release_3

qlikqlikview_serverMatch12.20service_release_4

qlikqlikview_serverMatch12.30service_release_1

Node

qlikqlik_analyticsMatchapril_2018

qlikqlik_analyticsMatchfebruary_2018

qlikqlik_analyticsMatchfebruary_2019

qlikqlik_analyticsMatchjune_2017

qlikqlik_analyticsMatchjune_2018

qlikqlik_analyticsMatchnovember_2017

qlikqlik_analyticsMatchnovember_2018

qlikqlik_analyticsMatchseptember_2017

qlikqlik_analyticsMatchseptember_2018

qlikqlik_senseMatchapril_2018enterprise

qlikqlik_senseMatchfebruary_2018enterprise

qlikqlik_senseMatchfebruary_2019enterprise

qlikqlik_senseMatchjune_2017enterprise

qlikqlik_senseMatchjune_2018enterprise

qlikqlik_senseMatchnovember_2017enterprise

qlikqlik_senseMatchnovember_2018enterprise

qlikqlik_senseMatchseptember_2017enterprise

qlikqlik_senseMatchseptember_2018enterprise

CPENameOperatorVersion
qlik:qlikview_serverqlik qlikview servereq11.20
qlik:qlikview_serverqlik qlikview servereq12.00
qlik:qlikview_serverqlik qlikview servereq12.10
qlik:qlikview_serverqlik qlikview servereq12.20
qlik:qlikview_serverqlik qlikview servereq12.30

CPE	Name	Operator	Version
qlik:qlikview_server	qlik qlikview server	eq	11.20
qlik:qlikview_server	qlik qlikview server	eq	12.00
qlik:qlikview_server	qlik qlikview server	eq	12.10
qlik:qlikview_server	qlik qlikview server	eq	12.20
qlik:qlikview_server	qlik qlikview server	eq	12.30

References

qliksupport.force.com/articles/000069985

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.6%

JSON

Related for CVE-2019-11628

prion1 cvelist1 nvd1