PT-2024-5022 · Qlik · Qlikview
Published: 2024-03-20 · Updated: 2024-09-06 · CVE-2024-29863
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Qlik Qlikview versions prior to May 2022 SR3 (12.70.20300) and prior to May 2023 SR2 (12.80.20200)
Description:
A race condition in the installer executable may allow an existing lower-privileged user to cause code to be executed in the context of a Windows Administrator. The issue stems from synchronization errors when using a shared resource.
Recommendations:
Update affected installations to a release that includes the fix: May 2022 SR3 (12.70.20300) or later, or May 2023 SR2 (12.80.20200) or later. As a temporary workaround, consider restricting access to the installer executable to minimize the risk of exploitation.
Fix
Race Condition
Affected Products
Qlikview