Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
QlikTech Qlikview XML外部实体漏洞
Vulnerability Description
QlikTech Qlikview是美国QlikTech公司的一套为用户提供自助式BI(商业智能)的业务发现平台。该平台支持将多来源的数据合并入单一应用程序、通过新型的图形技术实现数据可视化以及与动态应用程序、仪表板进行互动等。 QlikTech Qlikview 11.20 SR12之前版本中的AccessPoint.aspx文件存在XML外部实体漏洞。远程攻击者可借请求中特制的XML数据利用该漏洞实施服务器端请求伪造攻击,读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A