CVE-2019-11628

{"id": "CVE-2019-11628", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.8}]}, "published": "2019-05-01T03:29:00.230", "references": [{"url": "https://qliksupport.force.com/articles/000069985", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-917"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3, June 2018 Patch 3, September 2018 Patch 4, November 2018 Patch 4, or February 2019 Patch 2. An authenticated user may be able to bypass intended file-read restrictions via crafted Browser requests."}, {"lang": "es", "value": "Fue encontrado un problema en QlikView Server versi\u00f3n anterior a 11.20 SR19, versi\u00f3n 12.00 y versi\u00f3n 12.10 anterior a 12.10 SR11, versi\u00f3n 12.20 anterior a SR9 y versi\u00f3n 12.30 anterior a SR2; y Qlik Sense Enterprise y Qlik Analytics Platform, ya que se presentan instalaciones q carecen de estos niveles de path: febrero de 2018 path 4, abril de 2018 path 3, junio de 2018 path 3, septiembre de 2018 path 4, noviembre de 2018 path 4 o febrero de 2019 path 2. Un usuario identificado puede ser capaz de omitir las restricciones de lectura de archivos previstas por medio de petici\u00f3nes de navegador creadas."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70348E24-DF95-4A83-820D-5F3C13055AE5"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FBE0588-1011-4616-AF13-5312CDC262F5"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C258DFA-C6E6-49F1-BE0F-4F1E78EF16B4"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D625AA7-2063-45F1-873F-9FE8BD1AD127"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED61447C-30A7-4369-AAB9-AC48B7ECE44C"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE8DEAE0-083D-472C-8C89-F6452CA07FA1"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA3B6615-A5F6-4DC6-B43B-E3C7D1453D86"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44A0F9B9-4169-45AB-A08D-0CD17AE9042E"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18CD5DDE-EE11-4D84-9830-22190C9D0BAC"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E959F54-6B26-47D8-849E-B2D4309CE9FC"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "804B8141-890B-49D3-AAF7-29B82DE458F4"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09765ABB-8EF3-48B8-A2CB-409574CDD491"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDEA544E-D63B-4797-8BDA-20B7B7BA6FC3"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "843EA971-B23E-4FD9-892D-AB5857C1AE47"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A11AC3DC-D026-4E43-9ADE-4E3BF0CC22EE"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44E5CA6C-9991-485F-98A7-7873684175D9"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:11.20:service_release_9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D72BC295-687D-49AE-AB08-7A54F81066FA"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:12.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EC12134-E1F6-411B-962C-EC0F733FE9A1"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE1C9243-C526-4495-85EE-9DFF39E3747E"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76806FB7-5A08-4208-990F-5A255F74C3E9"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C8950D8-E839-4A57-BA91-86CAA412FE79"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F9C80CC-F74C-4FB8-946E-CB56C9EF1521"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2D58713-EDA5-49C5-92FB-F34292DED794"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DC4C1E3-401B-48DC-9E34-FB0805ADB1CC"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F51220EF-9CCB-4A52-8F8D-11A1141F2C21"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89E647FE-5A80-4455-AABA-F07B08A38641"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:12.10:service_release_9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAF8B5BB-EA7C-4973-8095-5E8BDA6076D1"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:12.20:service_release_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93B22D9A-4F9C-43A5-9C06-8102507FD4EB"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:12.20:service_release_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "580CD55F-DE41-41B4-AA0E-996E670C408F"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:12.20:service_release_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1532D2D2-F60B-4E75-89EF-706013FB3DBD"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:12.20:service_release_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE2C1342-1417-47FB-A4FB-FFAF66AC778F"}, {"criteria": "cpe:2.3:a:qlik:qlikview_server:12.30:service_release_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "873637C6-ADFE-4A15-9D33-F8D1092755B0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qlik:qlik_analytics:april_2018:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B18B725-BDC3-4D09-A394-357294899ADF"}, {"criteria": "cpe:2.3:a:qlik:qlik_analytics:february_2018:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58B51434-6094-41A3-8A2A-8E6BEBCAFF8D"}, {"criteria": "cpe:2.3:a:qlik:qlik_analytics:february_2019:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52B01CFC-4052-47B3-AE3F-C35C6CB2420A"}, {"criteria": "cpe:2.3:a:qlik:qlik_analytics:june_2017:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A717032-F242-4FBC-B161-0468D93C62C4"}, {"criteria": "cpe:2.3:a:qlik:qlik_analytics:june_2018:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0090402D-58DF-4789-B58A-578B9F12AEAC"}, {"criteria": "cpe:2.3:a:qlik:qlik_analytics:november_2017:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BAE1CAC-960E-4D47-B51E-B059DDB0359D"}, {"criteria": "cpe:2.3:a:qlik:qlik_analytics:november_2018:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4304015D-9F88-42BC-A47E-AE97B4E376EB"}, {"criteria": "cpe:2.3:a:qlik:qlik_analytics:september_2017:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04DAA0C1-C364-4569-8FA4-610CD1E36CED"}, {"criteria": "cpe:2.3:a:qlik:qlik_analytics:september_2018:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE495C90-D556-466D-AABF-5C63641A7B43"}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:april_2018:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "F70CE603-B271-4388-9807-C443356277B2"}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2018:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "2CA0BCEC-51E6-485B-8149-2703E24249A9"}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2019:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "A1C4A9DD-6B2D-400E-88B0-5D923CAC2118"}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:june_2017:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "F12B37BF-9FC8-4FED-90A8-73553E7E517B"}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:june_2018:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "6DB72ED4-AD95-4A05-99B7-BA1C13565CA3"}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2017:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "AD584882-AF47-4219-BA91-0A6BD2120F3E"}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2018:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "72BD1752-05AE-42CF-BA4E-1036A269C96D"}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:september_2017:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CA72F3BE-791D-4D7B-925C-2B1E93319EA9"}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:september_2018:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "2B0543DF-9C64-4545-996E-6B5B572A52AA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}