Kaspersky LabKLA10668KLA10668 File access vulnerability in QlikTech QlikView
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.044 Low
EPSS
Percentile
92.3%
Detect date:
09/16/2015
Severity:
High
Description:
XML external entity vulnerability was found in QlikView at AccessPoint.aspx. By exploiting this vulnerability malicious users can read arbitrary files. This vulnerability can be exploited remotely via a specially designed xml data.
Affected products:
QlikTech Qlikview versions earlier than 11.20 SR12
Solution:
Update to the latest version
Get QlikView
Impacts:
RLF
Related products:
CVE-IDS:
CVE-2015-36236.4High
Exploitation:
Public exploits exist for this vulnerability.
Related
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.044 Low
EPSS
Percentile
92.3%