
Alex Haynes

#22008 of 53,632
10.7 CVSS total
Vulnerabilities · 2
Medium · 2
PT-2015-6244
6.4
2015-09-16
Qliktech · Qlikview · CVE-2015-3623
**Name of the Vulnerable Software and Affected Versions**
QlikTech Qlikview versions prior to 11.20 SR12

**Description**
The issue allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to "AccessPoint.aspx". This is due to an XML external entity (XXE) vulnerability.

**Recommendations**
For versions prior to 11.20 SR12, update to version 11.20 SR12 or later to resolve the issue. As a temporary workaround, consider restricting access to the "AccessPoint.aspx" endpoint until a patch is applied.

PT-2015-3797
4.3
2015-02-03
Landesk · Landesk Management Suite · CVE-2014-5360
**Name of the Vulnerable Software and Affected Versions**
LANDESK Management Suite versions prior to 9.6 SP1

**Description**
A cross-site scripting (XSS) issue exists in the admin interface, allowing remote attackers to inject arbitrary web script or HTML via the `AMTVersion` parameter to the "remote/serverlist grouptree.aspx" endpoint.

**Recommendations**
For versions prior to 9.6 SP1, update to version 9.6 SP1 or later to resolve the issue.