A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.
References
Link | Resource |
---|---|
https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531 | Release Notes |
https://csirt.divd.nl/CVE-2022-0564/ | Third Party Advisory |
https://csirt.divd.nl/DIVD-2021-00021/ | Third Party Advisory |
https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531 | Release Notes |
https://csirt.divd.nl/CVE-2022-0564/ | Third Party Advisory |
https://csirt.divd.nl/DIVD-2021-00021/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 06:38
Type | Values Removed | Values Added |
---|---|---|
References | () https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531 - Release Notes | |
References | () https://csirt.divd.nl/CVE-2022-0564/ - Third Party Advisory | |
References | () https://csirt.divd.nl/DIVD-2021-00021/ - Third Party Advisory |
02 Jan 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. |
07 Nov 2023, 03:41
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. |
Information
Published : 2022-02-21 18:15
Updated : 2024-11-21 06:38
NVD link : CVE-2022-0564
Mitre link : CVE-2022-0564
CVE.ORG link : CVE-2022-0564
JSON object : View
Products Affected
microsoft
- windows
qlik
- qlik_sense