CVE-2019-11628 Information

Description

An issue was discovered in QlikView Server before 11.20 SR19 12.00 and 12.10 before 12.10 SR11 12.20 before SR9 and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4 April 2018 Patch 3 June 2018 Patch 3 September 2018 Patch 4 November 2018 Patch 4 or February 2019 Patch 2. An authenticated user may be able to bypass intended file-read restrictions via crafted Browser requests.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://qliksupport.force.com/articles/000069985

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5