What is the severity of CVE-2022-0564?

CVE-2022-0564 is classified as a medium severity vulnerability.

How do I fix CVE-2022-0564?

To mitigate CVE-2022-0564, update Qlik Sense Enterprise to version 14.45 or later.

What systems are affected by CVE-2022-0564?

CVE-2022-0564 affects Qlik Sense Enterprise versions from 14.0 to 14.44.0 running on Windows.

What can an attacker achieve by exploiting CVE-2022-0564?

Exploiting CVE-2022-0564 allows an attacker to enumerate domain user accounts through authentication requests.

Is CVE-2022-0564 easy to exploit?

CVE-2022-0564 can be exploited by sending authentication requests, making it relatively straightforward for attackers with necessary access.

Vulnerability/
CVE-2022-0564

medium

5.3

CWE

204 203

21/2/2022

6/8/2024

CVE-2022-0564: Qlik Sense Enterprise Domain User enumeration

First published: Mon Feb 21 2022(Updated: )

A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.

Credit: csirt@divd.nl csirt@divd.nl

Affected Software	Affected Version	How to fix
All of
	>=14.0<14.44.0

Qlik Qlik Sense	>=14.0<14.44.0
Microsoft Windows

Remedy

Update Qlik Sense Enterprise on Windows to version 14.44.0 or higher.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-0564?
CVE-2022-0564 is classified as a medium severity vulnerability.
How do I fix CVE-2022-0564?
To mitigate CVE-2022-0564, update Qlik Sense Enterprise to version 14.45 or later.
What systems are affected by CVE-2022-0564?
CVE-2022-0564 affects Qlik Sense Enterprise versions from 14.0 to 14.44.0 running on Windows.
What can an attacker achieve by exploiting CVE-2022-0564?
Exploiting CVE-2022-0564 allows an attacker to enumerate domain user accounts through authentication requests.
Is CVE-2022-0564 easy to exploit?
CVE-2022-0564 can be exploited by sending authentication requests, making it relatively straightforward for attackers with necessary access.

collector/nvd-index
agent/type
agent/first-publish-date
agent/weakness
agent/author
agent/softwarecombine
agent/title
agent/severity
agent/references
agent/description
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/remedy
agent/source
vendor/qlik
canonical/qlik qlik sense
version/qlik qlik sense/14.0
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.