CVE-2019-11628

Published May 1, 2019
Last updated 4 years ago
CVSS medium 6.5
Overview

Description: An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3, June 2018 Patch 3, September 2018 Patch 4, November 2018 Patch 4, or February 2019 Patch 2. An authenticated user may be able to bypass intended file-read restrictions via crafted Browser requests.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-917
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70348E24-DF95-4A83-820D-5F3C13055AE5"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FBE0588-1011-4616-AF13-5312CDC262F5"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C258DFA-C6E6-49F1-BE0F-4F1E78EF16B4"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D625AA7-2063-45F1-873F-9FE8BD1AD127"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED61447C-30A7-4369-AAB9-AC48B7ECE44C"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE8DEAE0-083D-472C-8C89-F6452CA07FA1"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA3B6615-A5F6-4DC6-B43B-E3C7D1453D86"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44A0F9B9-4169-45AB-A08D-0CD17AE9042E"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18CD5DDE-EE11-4D84-9830-22190C9D0BAC"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E959F54-6B26-47D8-849E-B2D4309CE9FC"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "804B8141-890B-49D3-AAF7-29B82DE458F4"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09765ABB-8EF3-48B8-A2CB-409574CDD491"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDEA544E-D63B-4797-8BDA-20B7B7BA6FC3"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "843EA971-B23E-4FD9-892D-AB5857C1AE47"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A11AC3DC-D026-4E43-9ADE-4E3BF0CC22EE"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44E5CA6C-9991-485F-98A7-7873684175D9"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D72BC295-687D-49AE-AB08-7A54F81066FA"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:12.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EC12134-E1F6-411B-962C-EC0F733FE9A1"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE1C9243-C526-4495-85EE-9DFF39E3747E"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76806FB7-5A08-4208-990F-5A255F74C3E9"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C8950D8-E839-4A57-BA91-86CAA412FE79"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F9C80CC-F74C-4FB8-946E-CB56C9EF1521"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2D58713-EDA5-49C5-92FB-F34292DED794"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DC4C1E3-401B-48DC-9E34-FB0805ADB1CC"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F51220EF-9CCB-4A52-8F8D-11A1141F2C21"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89E647FE-5A80-4455-AABA-F07B08A38641"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAF8B5BB-EA7C-4973-8095-5E8BDA6076D1"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:12.20:service_release_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93B22D9A-4F9C-43A5-9C06-8102507FD4EB"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:12.20:service_release_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "580CD55F-DE41-41B4-AA0E-996E670C408F"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:12.20:service_release_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1532D2D2-F60B-4E75-89EF-706013FB3DBD"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:12.20:service_release_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE2C1342-1417-47FB-A4FB-FFAF66AC778F"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlikview_server:12.30:service_release_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "873637C6-ADFE-4A15-9D33-F8D1092755B0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:qlik:qlik_analytics:april_2018:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B18B725-BDC3-4D09-A394-357294899ADF"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_analytics:february_2018:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58B51434-6094-41A3-8A2A-8E6BEBCAFF8D"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_analytics:february_2019:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52B01CFC-4052-47B3-AE3F-C35C6CB2420A"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_analytics:june_2017:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A717032-F242-4FBC-B161-0468D93C62C4"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_analytics:june_2018:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0090402D-58DF-4789-B58A-578B9F12AEAC"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_analytics:november_2017:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BAE1CAC-960E-4D47-B51E-B059DDB0359D"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_analytics:november_2018:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4304015D-9F88-42BC-A47E-AE97B4E376EB"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_analytics:september_2017:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04DAA0C1-C364-4569-8FA4-610CD1E36CED"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_analytics:september_2018:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE495C90-D556-466D-AABF-5C63641A7B43"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_sense:april_2018:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F70CE603-B271-4388-9807-C443356277B2"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_sense:february_2018:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CA0BCEC-51E6-485B-8149-2703E24249A9"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_sense:february_2019:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1C4A9DD-6B2D-400E-88B0-5D923CAC2118"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_sense:june_2017:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F12B37BF-9FC8-4FED-90A8-73553E7E517B"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_sense:june_2018:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DB72ED4-AD95-4A05-99B7-BA1C13565CA3"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_sense:november_2017:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD584882-AF47-4219-BA91-0A6BD2120F3E"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_sense:november_2018:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72BD1752-05AE-42CF-BA4E-1036A269C96D"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_sense:september_2017:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA72F3BE-791D-4D7B-925C-2B1E93319EA9"
          },
          {
            "criteria": "cpe:2.3:a:qlik:qlik_sense:september_2018:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B0543DF-9C64-4545-996E-6B5B572A52AA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
