CVE-2022-0564

A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:qlik:qlik_sense:*:*:*:*:enterprise:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:38

Type Values Removed Values Added
References () https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531 - Release Notes () https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531 - Release Notes
References () https://csirt.divd.nl/CVE-2022-0564/ - Third Party Advisory () https://csirt.divd.nl/CVE-2022-0564/ - Third Party Advisory
References () https://csirt.divd.nl/DIVD-2021-00021/ - Third Party Advisory () https://csirt.divd.nl/DIVD-2021-00021/ - Third Party Advisory

02 Jan 2024, 19:15

Type Values Removed Values Added
Summary A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.

07 Nov 2023, 03:41

Type Values Removed Values Added
Summary A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.

Information

Published : 2022-02-21 18:15

Updated : 2024-11-21 06:38


NVD link : CVE-2022-0564

Mitre link : CVE-2022-0564

CVE.ORG link : CVE-2022-0564


JSON object : View

Products Affected

microsoft

  • windows

qlik

  • qlik_sense
CWE
CWE-204

Observable Response Discrepancy

CWE-203

Observable Discrepancy