Primary

Context

QlikView Denial-of-Service Vulnerability in FTP Server Address Input

Vulnerability

A denial-of-service vulnerability has been identified in QlikView version 12.50.20000.0. The issue resides in the FTP server address input field, where local attackers can crash the application by pasting a 300-character buffer. This exploitation disrupts normal functionality, causing the application to crash.

Impact

Exploitation of this vulnerability leads to a crash of the QlikView application, disrupting normal user activity and causing potential data loss.

Reproduction

To reproduce this vulnerability, open QlikView 12.50.20000.0 on a Windows 10 Pro x64 system. Navigate to 'File' and select 'Open FTP...'. In the 'FTP Server Address' field, paste a 300-character buffer. After pasting, click 'Connect', which will trigger the application to crash.

Added: Jan 29, 2026, 3:43 PM

Updated: Jan 29, 2026, 5:02 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.6

exploitability

4.8

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.6

exploitability

4.8

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

QlikView Denial-of-Service Vulnerability in FTP Server Address Input

Vulnerability

Impact

Reproduction

Affected Products

QlikView

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating