CVE-2019-11628

An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3, June 2018 Patch 3, September 2018 Patch 4, November 2018 Patch 4, or February 2019 Patch 2. An authenticated user may be able to bypass intended file-read restrictions via crafted Browser requests.

Published: May 1, 2019
Updated: Nov 9, 2025
CVE: CVE-2019-11628
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-917

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
qlik / qlikview_server	12.00	12.00.x
qlik / qlikview_server	12.30-service_release_1	12.30-service_release_1.x
qlik / qlikview_server	11.20-service_release_2	11.20-service_release_2.x
qlik / qlikview_server	11.20-service_release_3	11.20-service_release_3.x
qlik / qlikview_server	11.20-service_release_4	11.20-service_release_4.x
qlik / qlikview_server	11.20-service_release_5	11.20-service_release_5.x
qlik / qlikview_server	11.20-service_release_6	11.20-service_release_6.x
qlik / qlikview_server	11.20-service_release_7	11.20-service_release_7.x
qlik / qlikview_server	11.20-service_release_8	11.20-service_release_8.x
qlik / qlikview_server	11.20-service_release_9	11.20-service_release_9.x
qlik / qlikview_server	11.20-service_release_10	11.20-service_release_10.x
qlik / qlikview_server	11.20-service_release_11	11.20-service_release_11.x
qlik / qlikview_server	11.20-service_release_12	11.20-service_release_12.x
qlik / qlikview_server	11.20-service_release_13	11.20-service_release_13.x
qlik / qlikview_server	11.20-service_release_14	11.20-service_release_14.x
qlik / qlikview_server	11.20-service_release_15	11.20-service_release_15.x
qlik / qlikview_server	11.20-service_release_16	11.20-service_release_16.x
qlik / qlikview_server	11.20-service_release_17	11.20-service_release_17.x
qlik / qlikview_server	12.10-service_release_2	12.10-service_release_2.x
qlik / qlikview_server	12.10-service_release_3	12.10-service_release_3.x
qlik / qlikview_server	12.10-service_release_4	12.10-service_release_4.x
qlik / qlikview_server	12.10-service_release_5	12.10-service_release_5.x
qlik / qlikview_server	12.10-service_release_6	12.10-service_release_6.x
qlik / qlikview_server	12.10-service_release_7	12.10-service_release_7.x
qlik / qlikview_server	12.10-service_release_8	12.10-service_release_8.x
qlik / qlikview_server	12.10-service_release_9	12.10-service_release_9.x
qlik / qlikview_server	12.20-service_release_1	12.20-service_release_1.x
qlik / qlikview_server	12.20-service_release_2	12.20-service_release_2.x
qlik / qlikview_server	12.20-service_release_3	12.20-service_release_3.x
qlik / qlikview_server	12.20-service_release_4	12.20-service_release_4.x
qlik / qlikview_server	12.10-service_release_1	12.10-service_release_1.x
qlik / qlikview_server	11.20-service_release_1	11.20-service_release_1.x
qlik / qlik_sense	november_2017	november_2017.x
qlik / qlik_sense	september_2017	september_2017.x
qlik / qlik_sense	june_2017	june_2017.x
qlik / qlik_sense	february_2019	february_2019.x
qlik / qlik_sense	september_2018	september_2018.x
qlik / qlik_sense	november_2018	november_2018.x
qlik / qlik_sense	april_2018	april_2018.x
qlik / qlik_sense	june_2018	june_2018.x
qlik / qlik_sense	february_2018	february_2018.x
qlik / qlik_analytics	november_2017	november_2017.x
qlik / qlik_analytics	september_2017	september_2017.x
qlik / qlik_analytics	june_2017	june_2017.x
qlik / qlik_analytics	february_2019	february_2019.x
qlik / qlik_analytics	september_2018	september_2018.x
qlik / qlik_analytics	november_2018	november_2018.x
qlik / qlik_analytics	april_2018	april_2018.x
qlik / qlik_analytics	june_2018	june_2018.x
qlik / qlik_analytics	february_2018	february_2018.x

https://qliksupport.force.com/articles/000069985

Vulnerability Database

315,363

CVE-2019-11628

Deep Security Visibility Without the Complexity