A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.

A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.

A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.

A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.

https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531 Release Notes, Vendor Advisory

https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531 Release Notes

https://csirt.divd.nl/CVE-2022-0564/ No Types Assigned

https://csirt.divd.nl/CVE-2022-0564/ Third Party Advisory

https://csirt.divd.nl/DIVD-2021-00021/ No Types Assigned

https://csirt.divd.nl/DIVD-2021-00021/ Third Party Advisory

https://csirt.divd.nl/CVE-2022-0564/ [No Types Assigned]

https://csirt.divd.nl/DIVD-2021-00021/ [No Types Assigned]

https://csirt.divd.nl/cases/DIVD-2021-00021 [Third Party Advisory]

https://csirt.divd.nl/cves/CVE-2022-0564 [Third Party Advisory]

A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.

A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.

AND
     OR
          *cpe:2.3:a:qlik:qlik_sense:*:*:*:*:enterprise:*:*:* versions from (including) 14.0 up to (excluding) 14.44.0
     OR
          cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

NIST (AV:N/AC:M/Au:N/C:P/I:N/A:N)

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

NIST CWE-203

https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531 No Types Assigned

https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531 Release Notes, Vendor Advisory

https://csirt.divd.nl/cases/DIVD-2021-00021 No Types Assigned

https://csirt.divd.nl/cases/DIVD-2021-00021 Third Party Advisory

https://csirt.divd.nl/cves/CVE-2022-0564 No Types Assigned

https://csirt.divd.nl/cves/CVE-2022-0564 Third Party Advisory