PT-2019-12435 · Qlik · Qlik Analytics Platform+2

Published: 2019-05-01 · Updated: 2020-08-24 · CVE-2019-11628

CVSS v3.1: 8.2 (High)

Vector: AC:H/AV:N/A:N/C:H/I:H/PR:L/S:C/UI:N

Name of the Vulnerable Software and Affected Versions

QlikView Server versions prior to 11.20 SR19
QlikView Server versions 12.00 through 12.10 before 12.10 SR11
QlikView Server versions 12.20 through 12.20 before SR9
QlikView Server versions 12.30 through 12.30 before SR2
Qlik Sense Enterprise (affected versions not specified)
Qlik Analytics Platform (affected versions not specified)

Description

An issue allows an authenticated user to bypass intended file-read restrictions via crafted browser requests.

Recommendations

For QlikView Server versions prior to 11.20 SR19, apply the February 2018 Patch 4 or later to resolve the issue.
For QlikView Server versions 12.00 through 12.10 before 12.10 SR11, apply the April 2018 Patch 3 or later to resolve the issue.
For QlikView Server versions 12.20 through 12.20 before SR9, apply the June 2018 Patch 3 or later to resolve the issue.
For QlikView Server versions 12.30 through 12.30 before SR2, apply the September 2018 Patch 4 or later to resolve the issue.
For Qlik Sense Enterprise and Qlik Analytics Platform, apply the November 2018 Patch 4 or February 2019 Patch 2 to resolve the issue.

Related Identifiers

CVE-2019-11628

Affected Products

Qlik Analytics Platform
Qlik Sense Enterprise
QlikView Server