CVE-2020-36994: QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service

Published Jan 29, 2026

Updated

QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionality.

Affected Software

1 affected component

Qlik QlikView

Event History

Jan 29, 2026

CVE Published

via MITRE·02:28 PM

Data Sourced

via MITRE·02:28 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·03:16 PM

DescriptionSeverityWeakness

Apr 2, 58332

Event

via NVD·09:43 PM

Frequently Asked Questions

What is the severity of CVE-2020-36994?

CVE-2020-36994 is classified as a denial of service vulnerability.

How do I fix CVE-2020-36994?

To mitigate CVE-2020-36994, ensure that the QlikView application is updated to a version that addresses this vulnerability.

Who is affected by CVE-2020-36994?

CVE-2020-36994 affects QlikView version 12.50.20000.0.

What type of vulnerability is CVE-2020-36994?

CVE-2020-36994 is a denial of service vulnerability related to the FTP server address input field.

Can local attackers exploit CVE-2020-36994?

Yes, local attackers can exploit CVE-2020-36994 by crashing the QlikView application using a 300-character buffer.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.