Qlikview
by Qlik
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-29863 | Hig | 0.51 | 7.8 | 0.00 | Apr 5, 2024 | A race condition in the installer executable in Qlik Qlikview before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12,80.20200) may allow an existing lower privileged user to cause code to be executed in the context of a Windows Administrator. | ||
| CVE-2020-36994 | Med | 0.40 | 6.2 | 0.00 | Jan 29, 2026 | QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent… | ||
| CVE-2015-3623 | 0.04 | — | 0.16 | Sep 16, 2015 | XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx. | |||
| CVE-2022-42248 | 0.00 | — | 0.00 | Mar 6, 2023 | QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality. | |||
| CVE-2021-41989 | 0.00 | — | 0.00 | Jan 26, 2023 | Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions. | |||
| CVE-2019-11628 | 0.00 | — | 0.01 | May 1, 2019 | An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3,… |
- risk 0.51cvss 7.8epss 0.00
A race condition in the installer executable in Qlik Qlikview before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12,80.20200) may allow an existing lower privileged user to cause code to be executed in the context of a Windows Administrator.
- risk 0.40cvss 6.2epss 0.00
QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent…
- CVE-2015-3623Sep 16, 2015risk 0.04cvss —epss 0.16
XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.
- CVE-2022-42248Mar 6, 2023risk 0.00cvss —epss 0.00
QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality.
- CVE-2021-41989Jan 26, 2023risk 0.00cvss —epss 0.00
Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions.
- CVE-2019-11628May 1, 2019risk 0.00cvss —epss 0.01
An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3,…