PT-2022-6509 · Qlik · Qlikview

Giulio Garzia · Published 2022-10-03 · Updated 2023-03-13 · CVE-2022-42248

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:N
Name of the Vulnerable Software and Affected Versions: QlikView version 12.60.2

Description: The issue is in the QvsViewClient functionality of the QlikView analytical platform: when interactive objects are created, the structure of the generated web pages is not properly protected against injected input. A remote attacker can exploit this to perform cross-site scripting attacks by sending specially crafted POST requests. The estimated number of potentially affected devices worldwide is not specified.

Recommendations: For QlikView version 12.60.2, consider disabling the QvsViewClient functionality until a patch is available, to prevent potential cross-site scripting attacks. Restrict access to the QvsViewClient module to minimize the risk of exploitation. Avoid using the QvsViewClient functionality in the affected API endpoints until the issue is resolved.

Fix

Weakness Enumeration: XSS

Related Identifiers: BDU:2023-01821, CVE-2022-42248

Affected Products: Qlikview