CVE-2019-11628
Published May 1, 2019
Last updated 4 years ago
Overview
- Description
- An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and in Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3, June 2018 Patch 3, September 2018 Patch 4, November 2018 Patch 4, or February 2019 Patch 2. An authenticated user may be able to bypass intended file-read restrictions via crafted browser requests.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-917
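Configurations
- Note: the CPE entries below enumerate individual releases and do not cover every version the description marks as affected. For example, QlikView Server 11.20 SR18, 12.10 SR10 and 12.20 SR5 through SR8 fall below the fixed versions named in the description but have no CPE entry here. When checking exposure, compare the installed version against the fixed service release or patch level in the description rather than relying on a CPE match alone.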
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70348E24-DF95-4A83-820D-5F3C13055AE5" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FBE0588-1011-4616-AF13-5312CDC262F5" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C258DFA-C6E6-49F1-BE0F-4F1E78EF16B4" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D625AA7-2063-45F1-873F-9FE8BD1AD127" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED61447C-30A7-4369-AAB9-AC48B7ECE44C" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE8DEAE0-083D-472C-8C89-F6452CA07FA1" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA3B6615-A5F6-4DC6-B43B-E3C7D1453D86" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44A0F9B9-4169-45AB-A08D-0CD17AE9042E" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18CD5DDE-EE11-4D84-9830-22190C9D0BAC" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E959F54-6B26-47D8-849E-B2D4309CE9FC" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "804B8141-890B-49D3-AAF7-29B82DE458F4" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"09765ABB-8EF3-48B8-A2CB-409574CDD491" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDEA544E-D63B-4797-8BDA-20B7B7BA6FC3" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "843EA971-B23E-4FD9-892D-AB5857C1AE47" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A11AC3DC-D026-4E43-9ADE-4E3BF0CC22EE" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44E5CA6C-9991-485F-98A7-7873684175D9" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D72BC295-687D-49AE-AB08-7A54F81066FA" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:12.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EC12134-E1F6-411B-962C-EC0F733FE9A1" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE1C9243-C526-4495-85EE-9DFF39E3747E" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76806FB7-5A08-4208-990F-5A255F74C3E9" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C8950D8-E839-4A57-BA91-86CAA412FE79" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F9C80CC-F74C-4FB8-946E-CB56C9EF1521" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2D58713-EDA5-49C5-92FB-F34292DED794" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"9DC4C1E3-401B-48DC-9E34-FB0805ADB1CC" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F51220EF-9CCB-4A52-8F8D-11A1141F2C21" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89E647FE-5A80-4455-AABA-F07B08A38641" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAF8B5BB-EA7C-4973-8095-5E8BDA6076D1" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:12.20:service_release_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93B22D9A-4F9C-43A5-9C06-8102507FD4EB" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:12.20:service_release_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "580CD55F-DE41-41B4-AA0E-996E670C408F" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:12.20:service_release_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1532D2D2-F60B-4E75-89EF-706013FB3DBD" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:12.20:service_release_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE2C1342-1417-47FB-A4FB-FFAF66AC778F" }, { "criteria": "cpe:2.3:a:qlik:qlikview_server:12.30:service_release_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "873637C6-ADFE-4A15-9D33-F8D1092755B0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:qlik:qlik_analytics:april_2018:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B18B725-BDC3-4D09-A394-357294899ADF" }, { "criteria": "cpe:2.3:a:qlik:qlik_analytics:february_2018:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58B51434-6094-41A3-8A2A-8E6BEBCAFF8D" }, { "criteria": "cpe:2.3:a:qlik:qlik_analytics:february_2019:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52B01CFC-4052-47B3-AE3F-C35C6CB2420A" }, { "criteria": "cpe:2.3:a:qlik:qlik_analytics:june_2017:*:*:*:*:*:*:*", "vulnerable": true, 
"matchCriteriaId": "5A717032-F242-4FBC-B161-0468D93C62C4" }, { "criteria": "cpe:2.3:a:qlik:qlik_analytics:june_2018:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0090402D-58DF-4789-B58A-578B9F12AEAC" }, { "criteria": "cpe:2.3:a:qlik:qlik_analytics:november_2017:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BAE1CAC-960E-4D47-B51E-B059DDB0359D" }, { "criteria": "cpe:2.3:a:qlik:qlik_analytics:november_2018:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4304015D-9F88-42BC-A47E-AE97B4E376EB" }, { "criteria": "cpe:2.3:a:qlik:qlik_analytics:september_2017:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04DAA0C1-C364-4569-8FA4-610CD1E36CED" }, { "criteria": "cpe:2.3:a:qlik:qlik_analytics:september_2018:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE495C90-D556-466D-AABF-5C63641A7B43" }, { "criteria": "cpe:2.3:a:qlik:qlik_sense:april_2018:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "F70CE603-B271-4388-9807-C443356277B2" }, { "criteria": "cpe:2.3:a:qlik:qlik_sense:february_2018:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "2CA0BCEC-51E6-485B-8149-2703E24249A9" }, { "criteria": "cpe:2.3:a:qlik:qlik_sense:february_2019:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "A1C4A9DD-6B2D-400E-88B0-5D923CAC2118" }, { "criteria": "cpe:2.3:a:qlik:qlik_sense:june_2017:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "F12B37BF-9FC8-4FED-90A8-73553E7E517B" }, { "criteria": "cpe:2.3:a:qlik:qlik_sense:june_2018:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "6DB72ED4-AD95-4A05-99B7-BA1C13565CA3" }, { "criteria": "cpe:2.3:a:qlik:qlik_sense:november_2017:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "AD584882-AF47-4219-BA91-0A6BD2120F3E" }, { "criteria": "cpe:2.3:a:qlik:qlik_sense:november_2018:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "72BD1752-05AE-42CF-BA4E-1036A269C96D" }, { "criteria": 
"cpe:2.3:a:qlik:qlik_sense:september_2017:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CA72F3BE-791D-4D7B-925C-2B1E93319EA9" }, { "criteria": "cpe:2.3:a:qlik:qlik_sense:september_2018:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "2B0543DF-9C64-4545-996E-6B5B572A52AA" } ], "operator": "OR" } ] } ]