Vendor CVEs
Qlik
All CVEs
33 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6264 |  | Cri | 0.64 | 9.8 | 0.01 |  | Apr 14, 2026 | A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by… |
| CVE-2024-55579 |  | Hig | 0.57 | 8.8 | 0.00 |  | Dec 9, 2024 | An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February… |
| CVE-2024-36077 |  | Hig | 0.57 | 8.8 | 0.01 |  | May 22, 2024 | Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server. This affects February 2024… |
| CVE-2026-9057 |  | Hig | 0.53 | 8.2 | 0.00 |  | May 20, 2026 | A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available. |
| CVE-2024-29863 |  | Hig | 0.51 | 7.8 | 0.00 |  | Apr 5, 2024 | A race condition in the installer executable in Qlik Qlikview before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12,80.20200) may allow an existing lower privileged user to cause code to be executed in the context of a Windows Administrator. |
| CVE-2024-55580 |  | Hig | 0.49 | 7.5 | 0.00 |  | Dec 9, 2024 | An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Unprivileged users with network access may be able to execute remote commands that could cause high availability damages, including high integrity and confidentiality risks. This is fixed in… |
| CVE-2020-36994 |  | Med | 0.40 | 6.2 | 0.00 |  | Jan 29, 2026 | QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent… |
| CVE-2026-9056 |  | Med | 0.35 | 5.4 | 0.00 |  | May 20, 2026 | A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store an XSS payload that can be triggered by a different user. |
| CVE-2023-41266 |  |  | 0.26 | — | 0.85 | KEV | Aug 29, 2023 | A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate… |
| CVE-2023-41265 |  |  | 0.25 | — | 0.85 | KEV | Aug 29, 2023 | An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their… |
| CVE-2023-48365 |  |  | 0.22 | — | 0.25 | KEV | Nov 15, 2023 | Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP… |
| CVE-2015-3623 |  |  | 0.04 | — | 0.16 |  | Sep 16, 2015 | XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx. |
| CVE-2025-61138 |  |  | 0.00 | — | 0.00 |  | Nov 20, 2025 | Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory. |
| CVE-2023-36301 |  |  | 0.00 | — | 0.01 |  | Jun 26, 2023 | Talend Data Catalog before 8.0-20230221 contains a directory traversal vulnerability in HeaderImageServlet. |
| CVE-2023-33247 |  |  | 0.00 | — | 0.00 |  | May 26, 2023 | Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the… |
| CVE-2023-31444 |  |  | 0.00 | — | 0.01 |  | Apr 28, 2023 | In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge. |
| CVE-2023-26264 |  |  | 0.00 | — | 0.00 |  | Apr 13, 2023 | All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code. |
| CVE-2023-26263 |  |  | 0.00 | — | 0.00 |  | Apr 13, 2023 | All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server. |
| CVE-2022-42248 |  |  | 0.00 | — | 0.00 |  | Mar 6, 2023 | QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality. |
| CVE-2022-45589 |  |  | 0.00 | — | 0.01 |  | Feb 6, 2023 | All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a… |
| CVE-2022-45588 |  |  | 0.00 | — | 0.00 |  | Feb 3, 2023 | All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud… |
| CVE-2021-41988 |  |  | 0.00 | — | 0.00 |  | Jan 26, 2023 | Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Permissions. |
| CVE-2021-41989 |  |  | 0.00 | — | 0.00 |  | Jan 26, 2023 | Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions. |
| CVE-2022-30332 |  |  | 0.00 | — | 0.01 |  | Jan 10, 2023 | In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via… |
| CVE-2021-4311 |  |  | 0.00 | — | 0.01 |  | Jan 9, 2023 | A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793.… |
| CVE-2022-4818 |  |  | 0.00 | — | 0.01 |  | Dec 28, 2022 | A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java. The manipulation leads to xml external… |
| CVE-2022-31648 |  |  | 0.00 | — | 0.01 |  | May 26, 2022 | Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration… |
| CVE-2022-29943 |  |  | 0.00 | — | 0.01 |  | May 4, 2022 | Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions… |
| CVE-2022-29942 |  |  | 0.00 | — | 0.01 |  | May 4, 2022 | Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175,… |
| CVE-2022-0564 |  |  | 0.00 | — | 0.01 |  | Feb 21, 2022 | A vulnerability in Qlik Sense Enterprise on Windows could allow a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare… |
| CVE-2021-42837 |  |  | 0.00 | — | 0.01 |  | Nov 5, 2021 | An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will… |
| CVE-2021-40684 |  |  | 0.00 | — | 0.01 |  | Sep 22, 2021 | Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container… |
| CVE-2019-11628 |  |  | 0.00 | — | 0.01 |  | May 1, 2019 | An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3,… |