CVE-2022-0564
Qlik Sense vulnerability analysis and mitigation

Overview

A vulnerability (CVE-2022-0564) was discovered in Qlik Sense Enterprise on Windows that could allow remote attackers to enumerate domain user accounts. The vulnerability was disclosed in February 2022 and affects systems with LDAP configured (NVD).

Technical details

The vulnerability allows an attacker to enumerate domain user accounts by sending authentication requests to an affected system. The attack vector is network-based (AV:N) with low attack complexity (AC:L) and requires no privileges (PR:N) or user interaction (UI:N). The vulnerability has a CVSS v3.1 base score of 5.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (NVD).

Impact

Successful exploitation allows attackers to compare response times returned by the affected system to determine which accounts are valid user accounts. This information disclosure could be used as part of a larger attack campaign to identify valid user accounts in the domain (NVD).

Mitigation and workarounds

The vulnerability was addressed in the Qlik Sense Enterprise on Windows November 2021 release. Organizations should update to this version or later to mitigate the vulnerability (Qlik Release Notes).
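For systems that cannot be updated immediately, the enumeration described under Impact can be looked for in authentication logs. The following is an added example, not code from Qlik or from the original report: it flags any source whose failed logins cover many distinct usernames within a short window. The log format, field order, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical format (not a Qlik log format):
# "timestamp source username result". Adapt the parsing to your own logs.
SAMPLE_LOG = """
2022-02-21T10:00:01 203.0.113.7 aadams FAIL
2022-02-21T10:00:02 203.0.113.7 bbrown FAIL
2022-02-21T10:00:03 203.0.113.7 cclark FAIL
2022-02-21T10:00:04 198.51.100.20 jsmith FAIL
2022-02-21T10:00:05 203.0.113.7 ddavis FAIL
2022-02-21T10:00:06 203.0.113.7 eevans FAIL
2022-02-21T10:00:20 198.51.100.20 jsmith FAIL
2022-02-21T10:00:41 198.51.100.20 jsmith OK
2022-02-21T10:30:00 192.0.2.15 aadams FAIL
2022-02-21T11:30:00 192.0.2.15 bbrown FAIL
"""

def find_enumeration(log_text, window=timedelta(minutes=5), min_users=5):
    """Return {source: sorted usernames} for every source whose failed logins
    cover at least min_users distinct accounts inside one sliding window."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "FAIL":
            continue  # skip blanks, malformed lines and successful logins
        ts, src, user, _ = parts
        failures[src].append((datetime.fromisoformat(ts), user.lower()))

    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[src] = sorted(users)
                break
    return flagged

if __name__ == "__main__":
    for src, users in find_enumeration(SAMPLE_LOG).items():
        print(f"{src}: {len(users)} distinct usernames failed: {users}")
```

A user who mistypes a password repeatedly (198.51.100.20 in the sample) is not flagged, because only one username is involved.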

This report was generated using AI.

Related Qlik Sense vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2023-48365 | CRITICAL | 9.9 | Qlik Sense | cpe:2.3:a:qlik:qlik_sense | Yes | No | Nov 15, 2023 |
| CVE-2023-41265 | CRITICAL | 9.9 | Qlik Sense | cpe:2.3:a:qlik:qlik_sense | Yes | No | Aug 29, 2023 |
| CVE-2023-41266 | MEDIUM | 6.5 | Qlik Sense | cpe:2.3:a:qlik:qlik_sense | Yes | No | Aug 29, 2023 |
| CVE-2021-36761 | MEDIUM | 5.3 | Qlik Sense | cpe:2.3:a:qlik:qlik_sense | No | No | Jun 21, 2022 |
| CVE-2022-0564 | MEDIUM | 5.3 | Qlik Sense | cpe:2.3:a:qlik:qlik_sense | No | Yes | Feb 21, 2022 |
