Find Answers
Qlik Community
Collaborate with over 60,000 Qlik technologists and members around the world to get answers to your questions, and maximize success.
Join Us
Contact
Find Answers
Join Qlik Community
Collaborate with over 60,000 Qlik technologists and members around the world to get answers to your questions, and maximize success.
Join Us
Get Support
Have a Question?
Search Qlik's Support knowledge database or request assisted support for your highly complex issues.
Submit a Case
Talk with a Representative
Critical Issues
Experiencing a serious product issue? Please Contact us by phone. Click here to view phone numbers and hours by region.
Contact UsWelcome Guest
Installed Qlik Products
My Environments
Log your environments to ensure faster and more targeted troubleshooting.
View Available Licenses
My Licenses
Understand your licenses to help you maximize your experience.
Knowledge
Required Information For Security Vulnerability Related Cases
Article Number: 000019159 | Last Modified: 2019/11/21Description
Qlik takes product security seriously. A dedicated team of security experts work on continuously testing, hardening and securing all Qlik products. See Qlik Security Vulnerability Policy for more detail of Qlik's Security Vulnerability Policy.
Please report any security vulnerability concern to Qlik Support (https://support.qlik.com) immediately then any concerns arise. For a accurate an detailed evaluation of a potential security vulnerability it is important to clear describe the scenario in which a vulnerability has been exposed. This includes describing the steps for how security is compromised and what detail can be exposed by an attacker.
Notice, that generic test reports from 3rd auditing tools typically do not include detailed steps of vulnerability exposure in their security report. These reports commonly referring to potential risk based patterns, they do not actually expose a vulnerability as part of their system evaluation. Consequently this means that the default report details are not enough for Qlik to take any immediate action on based on the raised concern. Please consult 3rd party security auditor or local security expert for complete test case details before reporting support case with Qlik.
Please report any security vulnerability concern to Qlik Support (https://support.qlik.com) immediately then any concerns arise. For a accurate an detailed evaluation of a potential security vulnerability it is important to clear describe the scenario in which a vulnerability has been exposed. This includes describing the steps for how security is compromised and what detail can be exposed by an attacker.
Notice, that generic test reports from 3rd auditing tools typically do not include detailed steps of vulnerability exposure in their security report. These reports commonly referring to potential risk based patterns, they do not actually expose a vulnerability as part of their system evaluation. Consequently this means that the default report details are not enough for Qlik to take any immediate action on based on the raised concern. Please consult 3rd party security auditor or local security expert for complete test case details before reporting support case with Qlik.
Resolution
To enable qualified and efficient investigation and action by Qlik, please report each vulnerability concern as an individual support case with Qlik Support. This means that each concern raised in a 3rd party test report much be reported as a separate support case.
For each case consider adding as much detail as possible, in line with below items;
For each case consider adding as much detail as possible, in line with below items;
- Qlik product name
- Qlik product version
- Test case subject/name (if based on test report)
- Complete penetration test report (attach full report for reference)
- Name of security tool used for testing
- Details of how to replicate the vulnerability
- Step by step description on how to expose vulnerability
- Recording of reproduction
- Supporting material, e.g. logs, traffic traces or screenshots
- Vulnerability impact
- Type of information exposed
- Unauthorized access to content
- CVSS score if provided by security auditor
Get Answers
Find Answers
Get Support
Have a Question?
Search Qlik's Support Knowledge database or request assisted support for highly complex issues.
Submit a case
Talk with a Representative
Critical Issues
Experiencing a serious issue, please contact us by phone. View phone numbers and hours by region.