Vulnerabilities related to tableau - tableau_server
Vulnerability from fkie_nvd
Published
2019-12-11 04:15
Modified
2024-11-21 04:35
Summary
Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page.
Impacted products
Vendor Product Version
tableau tableau_server *
linux linux_kernel -
microsoft windows -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A5C891-8268-43F9-9F4A-B1F555DBEE16",
              "versionEndIncluding": "2019.4",
              "versionStartIncluding": "10.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page."
    },
    {
      "lang": "es",
      "value": "Tableau Server versiones 10.3 hasta 2019.4 sobre Windows y Linux, permite un ataque de tipo XSS por medio de la p\u00e1gina embeddedAuthRedirect."
    }
  ],
  "id": "CVE-2019-19719",
  "lastModified": "2024-11-21T04:35:14.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-11T04:15:10.573",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.tableau.com/community/security-bulletins/blog/2019/11/19/important-adv-2019-047-open-redirect-on-embeddedauthredirect-page"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.tableau.com/community/security-bulletins/blog/2019/11/19/important-adv-2019-047-open-redirect-on-embeddedauthredirect-page"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-08 16:15
Modified
2024-11-21 05:36
Summary
A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA634751-D358-452E-8D0B-0E303117BA84",
              "versionEndIncluding": "2020.2",
              "versionStartIncluding": "2018.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "66F3C9BF-5442-450A-A698-0151DAD3DDDF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial en Tableau Server versiones 10.5, 2018.x, 2019.x, 2020.x publicada antes del 26 de junio de 2020, podr\u00eda permitir un acceso a informaci\u00f3n confidencial en archivos de registro"
    }
  ],
  "id": "CVE-2020-6938",
  "lastModified": "2024-11-21T05:36:22.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-08T16:15:11.260",
  "references": [
    {
      "source": "security@salesforce.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.salesforce.com/apex/HTViewSolution?urlname=Sensitive-information-disclosure-vulnerability-affecting-Tableau-Server-in-certain-use-cases\u0026language=en_US"
    },
    {
      "source": "security@salesforce.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.salesforce.com/articleView?id=000354158\u0026type=1\u0026mode=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.salesforce.com/apex/HTViewSolution?urlname=Sensitive-information-disclosure-vulnerability-affecting-Tableau-Server-in-certain-use-cases\u0026language=en_US"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.salesforce.com/articleView?id=000354158\u0026type=1\u0026mode=1"
    }
  ],
  "sourceIdentifier": "security@salesforce.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-05-25 14:15
Modified
2024-11-21 06:46
Summary
Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data. Tableau Server versions affected are: 2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlier. Note: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35A3A2DC-A45A-4FF1-B149-507280EB80B3",
              "versionEndIncluding": "2020.4.16",
              "versionStartIncluding": "2020.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD2F9200-3394-4AF5-ADBF-5248B81841C4",
              "versionEndIncluding": "2021.1.13",
              "versionStartIncluding": "2021.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68BB7CDF-7CA9-4CA2-9B53-C28D5B7F3AAC",
              "versionEndIncluding": "2021.2.10",
              "versionStartIncluding": "2021.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A50A27D-6721-4456-A1F6-9CDCF92D1EA6",
              "versionEndIncluding": "2021.3.9",
              "versionStartIncluding": "2021.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADE492FF-CC59-4BC2-A29B-B2457DCF9F1F",
              "versionEndIncluding": "2021.4.4",
              "versionStartIncluding": "2021.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data.Tableau Server versions affected are:2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlierNote: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable."
    },
    {
      "lang": "es",
      "value": "Tableau es consciente de una vulnerabilidad de control de acceso rota presente en Tableau Server que afecta a clientes de Tableau Server que usan Local Identity Store para administrar usuarios. La vulnerabilidad permite que un administrador de sitio malicioso cambie las contrase\u00f1as de los usuarios en diferentes sitios alojados en el mismo Tableau Server, lo que puede resultar en un acceso no autorizado a los datos. Las versiones de Tableau Server afectadas son:2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 y anteriores Nota: Todas las versiones futuras de Tableau Server abordar\u00e1n este problema de seguridad. Las versiones que ya no son compatibles no han sido probadas y pueden ser vulnerables"
    }
  ],
  "id": "CVE-2022-22127",
  "lastModified": "2024-11-21T06:46:13.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-25T14:15:08.637",
  "references": [
    {
      "source": "security@salesforce.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.salesforce.com/s/articleView?id=000365493\u0026type=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.salesforce.com/s/articleView?id=000365493\u0026type=1"
    }
  ],
  "sourceIdentifier": "security@salesforce.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-26 17:15
Modified
2024-11-21 05:44
Summary
Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "388A8A90-AF80-4E88-8607-5A0904E61B10",
              "versionEndExcluding": "2019.4.18",
              "versionStartIncluding": "2019.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8203E31F-DDC5-4646-9DC1-4920E2E3E84E",
              "versionEndExcluding": "2020.1.15",
              "versionStartIncluding": "2020.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5517AD17-3F21-43B3-956C-7E1016154530",
              "versionEndExcluding": "2020.2.12",
              "versionStartIncluding": "2020.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C94514D-348F-474D-89A0-5C4D0041DD1F",
              "versionEndExcluding": "2020.3.7",
              "versionStartIncluding": "2020.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC00D02-0C3C-4E5E-9D79-81638AC9AFB4",
              "versionEndExcluding": "2020.4.3",
              "versionStartIncluding": "2020.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "388A8A90-AF80-4E88-8607-5A0904E61B10",
              "versionEndExcluding": "2019.4.18",
              "versionStartIncluding": "2019.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8203E31F-DDC5-4646-9DC1-4920E2E3E84E",
              "versionEndExcluding": "2020.1.15",
              "versionStartIncluding": "2020.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5517AD17-3F21-43B3-956C-7E1016154530",
              "versionEndExcluding": "2020.2.12",
              "versionStartIncluding": "2020.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C94514D-348F-474D-89A0-5C4D0041DD1F",
              "versionEndExcluding": "2020.3.7",
              "versionStartIncluding": "2020.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC00D02-0C3C-4E5E-9D79-81638AC9AFB4",
              "versionEndExcluding": "2020.4.3",
              "versionStartIncluding": "2020.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users."
    },
    {
      "lang": "es",
      "value": "Tableau Server no puede comprobar determinadas URL que est\u00e1n embebidas en los correos electr\u00f3nicos enviados a usuarios de Tableau Server."
    }
  ],
  "id": "CVE-2021-1629",
  "lastModified": "2024-11-21T05:44:46.660",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-26T17:15:12.780",
  "references": [
    {
      "source": "security@salesforce.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162138/Tableau-Server-Open-Redirection.html"
    },
    {
      "source": "security@salesforce.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Apr/22"
    },
    {
      "source": "security@salesforce.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://help.salesforce.com/articleView?id=000357424\u0026type=1\u0026mode=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162138/Tableau-Server-Open-Redirection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Apr/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://help.salesforce.com/articleView?id=000357424\u0026type=1\u0026mode=1"
    }
  ],
  "sourceIdentifier": "security@salesforce.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-10-17 16:15
Modified
2024-11-21 06:46
Summary
Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution. Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1B9D0C7-8257-4646-ADDE-DC9F24C8A65F",
              "versionEndIncluding": "2020.4.20",
              "versionStartIncluding": "2020.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC87E32E-AE8E-44DC-96E8-CDE5650A017B",
              "versionEndIncluding": "2021.1.17",
              "versionStartIncluding": "2021.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9241C03F-5484-4A72-BA3D-5880127D0202",
              "versionEndIncluding": "2021.2.15",
              "versionStartIncluding": "2021.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9550748E-38A1-4736-94D4-8A3E9534A287",
              "versionEndIncluding": "2021.3.14",
              "versionStartIncluding": "2021.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D85EF9F-6A9F-4616-BE60-A92362A34160",
              "versionEndIncluding": "2021.4.9",
              "versionStartIncluding": "2021.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16552215-FA84-4E48-AFDA-CCA7AF1E5C80",
              "versionEndIncluding": "2022.1.4",
              "versionStartIncluding": "2022.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent\u2019s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates."
    },
    {
      "lang": "es",
      "value": "Tableau ha detectado una vulnerabilidad de salto de rutas afectando al servicio de transferencia de archivos internos del agente de administraci\u00f3n de Tableau Server y que pod\u00eda permitir una ejecuci\u00f3n de c\u00f3digo remota. Tableau s\u00f3lo soporta a las versiones del producto durante 24 meses despu\u00e9s de su lanzamiento. Las versiones m\u00e1s antiguas han llegado al final de su vida \u00fatil y ya no reciben soporte. Tampoco son evaluadas para detectar posibles problemas de seguridad y no reciben actualizaciones de seguridad"
    }
  ],
  "id": "CVE-2022-22128",
  "lastModified": "2024-11-21T06:46:14.090",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-10-17T16:15:20.643",
  "references": [
    {
      "source": "security@salesforce.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://help.salesforce.com/s/articleView?id=000367027\u0026type=1"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.tableau.com/articles/Issue/issue-affecting-tableau-server-administration-agent"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://help.salesforce.com/s/articleView?id=000367027\u0026type=1"
    }
  ],
  "sourceIdentifier": "security@salesforce.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-11-23 17:15
Modified
2024-11-21 05:36
Summary
Tableau Server installations configured with Site-Specific SAML allow the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E26A40-022A-4887-85CE-E0BFF83F7299",
              "versionEndIncluding": "2018.2.27",
              "versionStartIncluding": "2018.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B72068B-B413-4053-B1BC-0CD154D10D8D",
              "versionEndIncluding": "2018.3.24",
              "versionStartIncluding": "2018.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F0B5EB-D5F4-4423-8754-E9BCC3699305",
              "versionEndIncluding": "2019.1.22",
              "versionStartIncluding": "2019.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56EB08BB-13A4-49C9-8928-DFD0DFA8D4AE",
              "versionEndIncluding": "2019.2.18",
              "versionStartIncluding": "2019.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4401C018-6851-4211-83B1-E5595A746116",
              "versionEndIncluding": "2019.3.14",
              "versionStartIncluding": "2019.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFC0F0E8-FEB5-45AB-9D12-5592549E9408",
              "versionEndIncluding": "2019.4.13",
              "versionStartIncluding": "2019.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06E3D4C4-6466-420B-AF73-4C2964D3F0A7",
              "versionEndIncluding": "2020.1.10",
              "versionStartIncluding": "2020.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE3600B-1D06-4A80-919D-32E2DA3ABFC0",
              "versionEndIncluding": "2020.2.7",
              "versionStartIncluding": "2020.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C60C48CC-A038-4AA3-95EE-045AB2F6D047",
              "versionEndIncluding": "2020.3.2",
              "versionStartIncluding": "2020.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2."
    },
    {
      "lang": "es",
      "value": "Instalaciones de Tableau Server configuradas con Site-Specific SAML que permite a usuarios no autenticados utilizar las API. Si se explota, esto podr\u00eda permitir a un usuario malicioso establecer la configuraci\u00f3n SAML espec\u00edfica del sitio y podr\u00eda conllevar a la toma de control de la cuenta para los usuarios de ese sitio. Tableau Server versiones afectadas tanto en Windows como en Linux son: 2018.2 hasta 2018.2.27, 2018.3 hasta 2018.3.24, 2019.1 hasta 2019.1.22, 2019.2 hasta 2019.2.18, 2019.3 hasta 2019.3.14, 2019.4 hasta 2019.4.13, 2020.1 hasta 2020.1.10, 2020.2 hasta 2020.2.7 y 2020.3 hasta 2020.3.2"
    }
  ],
  "id": "CVE-2020-6939",
  "lastModified": "2024-11-21T05:36:22.330",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-11-23T17:15:12.720",
  "references": [
    {
      "source": "security@salesforce.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.salesforce.com/articleView?id=000355686\u0026type=1\u0026mode=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.salesforce.com/articleView?id=000355686\u0026type=1\u0026mode=1"
    }
  ],
  "sourceIdentifier": "security@salesforce.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-26 17:15
Modified
2024-11-21 04:29
Summary
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E95A215-C68A-4E39-AF1B-6D7427E56973",
              "versionEndIncluding": "10.5.18",
              "versionStartIncluding": "10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E385CA2A-E91A-4BC7-8506-BEF6062B150C",
              "versionEndIncluding": "2018.1.15",
              "versionStartIncluding": "2018.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE1A7008-8A45-401D-834B-0BB2C1EA0C33",
              "versionEndIncluding": "2018.12",
              "versionStartIncluding": "2018.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "947A754A-05EF-40F0-8AA8-30F1A14BC4D9",
              "versionEndIncluding": "2018.3.9",
              "versionStartIncluding": "2018.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4929F7F1-F93C-4B8C-82E1-5BFE1151E9B9",
              "versionEndIncluding": "2019.1.6",
              "versionStartIncluding": "2019.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE7C9914-27BB-4A77-925C-F33C7F5442A7",
              "versionEndIncluding": "2019.2.2",
              "versionStartIncluding": "2019.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9251CC38-30D8-430E-8686-65E5087DA8A3",
              "versionEndIncluding": "10.2.23",
              "versionStartIncluding": "10.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "024F8EBE-56EB-4823-9C9D-0235F6B8364D",
              "versionEndIncluding": "10.3.23",
              "versionStartIncluding": "10.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8BF98F-59E5-4AEF-9C66-5D0232A77E04",
              "versionEndIncluding": "10.4.19",
              "versionStartIncluding": "10.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E95A215-C68A-4E39-AF1B-6D7427E56973",
              "versionEndIncluding": "10.5.18",
              "versionStartIncluding": "10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E385CA2A-E91A-4BC7-8506-BEF6062B150C",
              "versionEndIncluding": "2018.1.15",
              "versionStartIncluding": "2018.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE1A7008-8A45-401D-834B-0BB2C1EA0C33",
              "versionEndIncluding": "2018.12",
              "versionStartIncluding": "2018.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "947A754A-05EF-40F0-8AA8-30F1A14BC4D9",
              "versionEndIncluding": "2018.3.9",
              "versionStartIncluding": "2018.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4929F7F1-F93C-4B8C-82E1-5BFE1151E9B9",
              "versionEndIncluding": "2019.1.6",
              "versionStartIncluding": "2019.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE7C9914-27BB-4A77-925C-F33C7F5442A7",
              "versionEndIncluding": "2019.2.2",
              "versionStartIncluding": "2019.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B8F1A52-AA3D-4D12-A518-0721FAD63102",
              "versionEndIncluding": "10.2.23",
              "versionStartIncluding": "10.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E057777C-880F-4E22-B4FB-CB2341E83610",
              "versionEndIncluding": "10.3.23",
              "versionStartIncluding": "10.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "541F2AF1-AB8A-412D-94B6-CE481DCCA332",
              "versionEndIncluding": "10.4.19",
              "versionStartIncluding": "10.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1B0077-F84B-4900-9215-F68DED52CE07",
              "versionEndIncluding": "10.5.18",
              "versionStartIncluding": "10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBDFBAF8-CE09-4415-A03D-455AA5883F02",
              "versionEndIncluding": "2018.1.15",
              "versionStartIncluding": "2018.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20A4CDDF-58A1-49E7-94E7-F59F84894C61",
              "versionEndIncluding": "2018.2.12",
              "versionStartIncluding": "2018.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAEF5EF7-F5DA-4A60-A7E3-313F7D1C5DA2",
              "versionEndIncluding": "2018.3.9",
              "versionStartIncluding": "2018.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C3C48B-2CBA-455E-9B8F-036395813507",
              "versionEndIncluding": "2019.1.6",
              "versionStartIncluding": "2019.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FEA910B-FA61-414E-82DC-6FACC4693649",
              "versionEndIncluding": "2019.2.2",
              "versionStartIncluding": "2019.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B8F1A52-AA3D-4D12-A518-0721FAD63102",
              "versionEndIncluding": "10.2.23",
              "versionStartIncluding": "10.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E057777C-880F-4E22-B4FB-CB2341E83610",
              "versionEndIncluding": "10.3.23",
              "versionStartIncluding": "10.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "541F2AF1-AB8A-412D-94B6-CE481DCCA332",
              "versionEndIncluding": "10.4.19",
              "versionStartIncluding": "10.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1B0077-F84B-4900-9215-F68DED52CE07",
              "versionEndIncluding": "10.5.18",
              "versionStartIncluding": "10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBDFBAF8-CE09-4415-A03D-455AA5883F02",
              "versionEndIncluding": "2018.1.15",
              "versionStartIncluding": "2018.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20A4CDDF-58A1-49E7-94E7-F59F84894C61",
              "versionEndIncluding": "2018.2.12",
              "versionStartIncluding": "2018.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAEF5EF7-F5DA-4A60-A7E3-313F7D1C5DA2",
              "versionEndIncluding": "2018.3.9",
              "versionStartIncluding": "2018.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C3C48B-2CBA-455E-9B8F-036395813507",
              "versionEndIncluding": "2019.1.6",
              "versionStartIncluding": "2019.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FEA910B-FA61-414E-82DC-6FACC4693649",
              "versionEndIncluding": "2019.2.2",
              "versionStartIncluding": "2019.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tableau:tableau_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95670BED-5773-45AB-AAB8-6338874A690A",
              "versionEndIncluding": "10.2.2",
              "versionStartIncluding": "10.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tableau:tableau_public_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2C45810-5A87-4FE4-8857-E14F8ACE659E",
              "versionEndIncluding": "10.2.2",
              "versionStartIncluding": "10.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop."
    },
    {
      "lang": "es",
      "value": "Numerosos productos de Tableau son vulnerables a ataque de tipo XXE por medio de un libro de trabajo, extensi\u00f3n o fuente de datos maliciosos, lo que conlleva a la divulgaci\u00f3n de informaci\u00f3n o a una DoS. Esto afecta a Tableau Server, Tableau Desktop, Tableau Reader y Tableau Public Desktop."
    }
  ],
  "id": "CVE-2019-15637",
  "lastModified": "2024-11-21T04:29:10.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-26T17:15:12.710",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.tableau.com/community/security-bulletins/blog/2019/08/22/important-adv-2019-030-xxe-vulnerability-in-tableau-products"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/minecrater/exploits/blob/master/TableauXXE.py"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/154232/Tableau-XML-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.tableau.com/community/security-bulletins/blog/2019/08/22/important-adv-2019-030-xxe-vulnerability-in-tableau-products"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/minecrater/exploits/blob/master/TableauXXE.py"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/154232/Tableau-XML-Injection.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2022-22127
Vulnerability from cvelistv5
Published
2022-05-25 13:56
Modified
2024-08-03 03:07
Severity ?
Summary
Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data. Tableau Server versions affected are: 2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlier. Note: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable.
Impacted products
Vendor Product Version
n/a Tableau Server Version: 2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:07:48.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://help.salesforce.com/s/articleView?id=000365493\u0026type=1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Tableau Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data.Tableau Server versions affected are:2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlierNote: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Broken Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-25T13:56:52",
        "orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
        "shortName": "Salesforce"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://help.salesforce.com/s/articleView?id=000365493\u0026type=1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@salesforce.com",
          "ID": "CVE-2022-22127",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Tableau Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data.Tableau Server versions affected are:2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlierNote: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Broken Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://help.salesforce.com/s/articleView?id=000365493\u0026type=1",
              "refsource": "MISC",
              "url": "https://help.salesforce.com/s/articleView?id=000365493\u0026type=1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
    "assignerShortName": "Salesforce",
    "cveId": "CVE-2022-22127",
    "datePublished": "2022-05-25T13:56:52",
    "dateReserved": "2021-12-21T00:00:00",
    "dateUpdated": "2024-08-03T03:07:48.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-6939
Vulnerability from cvelistv5
Published
2020-11-23 16:16
Modified
2024-08-04 09:18
Severity ?
Summary
Tableau Server installations configured with Site-Specific SAML allow the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2.
Impacted products
Vendor Product Version
n/a Tableau Server Version: versions affected on both Windows and Linux are: 2018.2 through 2018.2.27
Version: 2018.3 through 2018.3.24
Version: 2019.1 through 2019.1.22
Version: 2019.2 through 2019.2.18
Version: 2019.3 through 2019.3.14
Version: 2019.4 through 2019.4.13
Version: 2020.1 through 2020.1.10
Version: 2020.2 through 2020.2.7
Version: 2020.3 through 2020.3.2


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:01.581Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.salesforce.com/articleView?id=000355686\u0026type=1\u0026mode=1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Tableau Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "versions affected on both Windows and Linux are: 2018.2 through 2018.2.27"
            },
            {
              "status": "affected",
              "version": "2018.3 through 2018.3.24"
            },
            {
              "status": "affected",
              "version": "2019.1 through 2019.1.22"
            },
            {
              "status": "affected",
              "version": "2019.2 through 2019.2.18"
            },
            {
              "status": "affected",
              "version": "2019.3 through 2019.3.14"
            },
            {
              "status": "affected",
              "version": "2019.4 through 2019.4.13"
            },
            {
              "status": "affected",
              "version": "2020.1 through 2020.1.10"
            },
            {
              "status": "affected",
              "version": "2020.2 through 2020.2.7"
            },
            {
              "status": "affected",
              "version": "2020.3 through 2020.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incorrect Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-23T16:16:25",
        "orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
        "shortName": "Salesforce"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.salesforce.com/articleView?id=000355686\u0026type=1\u0026mode=1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@salesforce.com",
          "ID": "CVE-2020-6939",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Tableau Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "versions affected on both Windows and Linux are: 2018.2 through 2018.2.27"
                          },
                          {
                            "version_value": "2018.3 through 2018.3.24"
                          },
                          {
                            "version_value": "2019.1 through 2019.1.22"
                          },
                          {
                            "version_value": "2019.2 through 2019.2.18"
                          },
                          {
                            "version_value": "2019.3 through 2019.3.14"
                          },
                          {
                            "version_value": "2019.4 through 2019.4.13"
                          },
                          {
                            "version_value": "2020.1 through 2020.1.10"
                          },
                          {
                            "version_value": "2020.2 through 2020.2.7"
                          },
                          {
                            "version_value": "2020.3 through 2020.3.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://help.salesforce.com/articleView?id=000355686\u0026type=1\u0026mode=1",
              "refsource": "CONFIRM",
              "url": "https://help.salesforce.com/articleView?id=000355686\u0026type=1\u0026mode=1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
    "assignerShortName": "Salesforce",
    "cveId": "CVE-2020-6939",
    "datePublished": "2020-11-23T16:16:25",
    "dateReserved": "2020-01-13T00:00:00",
    "dateUpdated": "2024-08-04T09:18:01.581Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22128
Vulnerability from cvelistv5
Published
2022-10-17 00:00
Modified
2024-08-03 03:07
Severity ?
Summary
Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution. Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.
Impacted products
Vendor Product Version
n/a Tableau Server Version: 2022.1 - 2022.1.4, 2021.4 - 2021.4.9, 2021.3 - 2021.3.14, 2021.2 - 2021.2.15, 2021.1 - 2021.1.17, 2020.4 - 2020.4.20


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:07:48.278Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://help.salesforce.com/s/articleView?id=000367027\u0026type=1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Tableau Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022.1 - 2022.1.42021.4 - 2021.4.92021.3 - 2021.3.142021.2 - 2021.2.152021.1 - 2021.1.172020.4 - 2020.4.20"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent\u2019s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-17T00:00:00",
        "orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
        "shortName": "Salesforce"
      },
      "references": [
        {
          "url": "https://help.salesforce.com/s/articleView?id=000367027\u0026type=1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
    "assignerShortName": "Salesforce",
    "cveId": "CVE-2022-22128",
    "datePublished": "2022-10-17T00:00:00",
    "dateReserved": "2021-12-21T00:00:00",
    "dateUpdated": "2024-08-03T03:07:48.278Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-15637
Vulnerability from cvelistv5
Published
2019-08-26 16:21
Modified
2024-08-05 00:56
Summary
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:56:22.155Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.tableau.com/community/security-bulletins/blog/2019/08/22/important-adv-2019-030-xxe-vulnerability-in-tableau-products"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/minecrater/exploits/blob/master/TableauXXE.py"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/154232/Tableau-XML-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:H/I:N/PR:L/S:U/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-27T16:55:59",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.tableau.com/community/security-bulletins/blog/2019/08/22/important-adv-2019-030-xxe-vulnerability-in-tableau-products"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/minecrater/exploits/blob/master/TableauXXE.py"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/154232/Tableau-XML-Injection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15637",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:H/I:N/PR:L/S:U/UI:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.tableau.com/community/security-bulletins/blog/2019/08/22/important-adv-2019-030-xxe-vulnerability-in-tableau-products",
              "refsource": "MISC",
              "url": "https://community.tableau.com/community/security-bulletins/blog/2019/08/22/important-adv-2019-030-xxe-vulnerability-in-tableau-products"
            },
            {
              "name": "https://github.com/minecrater/exploits/blob/master/TableauXXE.py",
              "refsource": "MISC",
              "url": "https://github.com/minecrater/exploits/blob/master/TableauXXE.py"
            },
            {
              "name": "https://packetstormsecurity.com/files/154232/Tableau-XML-Injection.html",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/154232/Tableau-XML-Injection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15637",
    "datePublished": "2019-08-26T16:21:07",
    "dateReserved": "2019-08-26T00:00:00",
    "dateUpdated": "2024-08-05T00:56:22.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-6938
Vulnerability from cvelistv5
Published
2020-07-08 15:02
Modified
2024-08-04 09:18
Severity ?
Summary
A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files.
Impacted products
Vendor Product Version
n/a Tableau Version: 10.5, 2018.1, 2018.2, 2018.3, 2019.1, 2019.2, 2019.3, 2019.4, 2020.1, 2020.2


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:02.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://help.salesforce.com/apex/HTViewSolution?urlname=Sensitive-information-disclosure-vulnerability-affecting-Tableau-Server-in-certain-use-cases\u0026language=en_US"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://help.salesforce.com/articleView?id=000354158\u0026type=1\u0026mode=1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Tableau",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "10.5, 2018.1, 2018.2, 2018.3, 2019.1, 2019.2, 2019.3, 2019.4, 2020.1, 2020.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Sensitive Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-08T15:02:06",
        "orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
        "shortName": "Salesforce"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://help.salesforce.com/apex/HTViewSolution?urlname=Sensitive-information-disclosure-vulnerability-affecting-Tableau-Server-in-certain-use-cases\u0026language=en_US"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://help.salesforce.com/articleView?id=000354158\u0026type=1\u0026mode=1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@salesforce.com",
          "ID": "CVE-2020-6938",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Tableau",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.5, 2018.1, 2018.2, 2018.3, 2019.1, 2019.2, 2019.3, 2019.4, 2020.1, 2020.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Sensitive Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://help.salesforce.com/apex/HTViewSolution?urlname=Sensitive-information-disclosure-vulnerability-affecting-Tableau-Server-in-certain-use-cases\u0026language=en_US",
              "refsource": "MISC",
              "url": "https://help.salesforce.com/apex/HTViewSolution?urlname=Sensitive-information-disclosure-vulnerability-affecting-Tableau-Server-in-certain-use-cases\u0026language=en_US"
            },
            {
              "name": "https://help.salesforce.com/articleView?id=000354158\u0026type=1\u0026mode=1",
              "refsource": "MISC",
              "url": "https://help.salesforce.com/articleView?id=000354158\u0026type=1\u0026mode=1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
    "assignerShortName": "Salesforce",
    "cveId": "CVE-2020-6938",
    "datePublished": "2020-07-08T15:02:06",
    "dateReserved": "2020-01-13T00:00:00",
    "dateUpdated": "2024-08-04T09:18:02.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-19719
Vulnerability from cvelistv5
Published
2019-12-11 03:05
Modified
2024-08-05 02:25
Severity ?
Summary
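Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page. (The vendor advisory referenced in the record below, ADV-2019-047, is titled as an open redirect on the same page, so the weakness class is described inconsistently between the two sources.)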
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:12.400Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.tableau.com/community/security-bulletins/blog/2019/11/19/important-adv-2019-047-open-redirect-on-embeddedauthredirect-page"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-11T03:05:55",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.tableau.com/community/security-bulletins/blog/2019/11/19/important-adv-2019-047-open-redirect-on-embeddedauthredirect-page"
        }
      ],
      "x_ConverterErrors": {
        "cvssV3_0": {
          "error": "CVSSV3_0 data from v4 record is invalid",
          "message": "Missing mandatory metrics \"AV\""
        }
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19719",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "availabilityImpact": "NONE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:L/A:N/C:N/I:L/PR:N/S:U/UI:R",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.tableau.com/community/security-bulletins/blog/2019/11/19/important-adv-2019-047-open-redirect-on-embeddedauthredirect-page",
              "refsource": "MISC",
              "url": "https://community.tableau.com/community/security-bulletins/blog/2019/11/19/important-adv-2019-047-open-redirect-on-embeddedauthredirect-page"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19719",
    "datePublished": "2019-12-11T03:05:55",
    "dateReserved": "2019-12-11T00:00:00",
    "dateUpdated": "2024-08-05T02:25:12.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1629
Vulnerability from cvelistv5
Published
2021-03-26 16:20
Modified
2024-08-03 16:18
Severity ?
Summary
Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users.
Impacted products
Vendor Product Version
n/a Tableau Version: Tableau Server versions affected on both Windows and Linux are: 2019.4 through 2019.4.17 2020.1 through 2020.1.13 2020.2 through 2020.2.10 2020.3 through 2020.3.6 2020.4 through 2020.4.2


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:18:10.880Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://help.salesforce.com/articleView?id=000357424\u0026type=1\u0026mode=1"
          },
          {
            "name": "20210408 [SYSS-2020-032] Open Redirect in Tableau Server (CVE-2021-1629)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Apr/22"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162138/Tableau-Server-Open-Redirection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Tableau",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Tableau Server versions affected on both Windows and Linux are: 2019.4 through 2019.4.17 2020.1 through 2020.1.13 2020.2 through 2020.2.10 2020.3 through 2020.3.6 2020.4 through 2020.4.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other or Unknown",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-08T15:06:19",
        "orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
        "shortName": "Salesforce"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://help.salesforce.com/articleView?id=000357424\u0026type=1\u0026mode=1"
        },
        {
          "name": "20210408 [SYSS-2020-032] Open Redirect in Tableau Server (CVE-2021-1629)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Apr/22"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162138/Tableau-Server-Open-Redirection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@salesforce.com",
          "ID": "CVE-2021-1629",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Tableau",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Tableau Server versions affected on both Windows and Linux are: 2019.4 through 2019.4.17 2020.1 through 2020.1.13 2020.2 through 2020.2.10 2020.3 through 2020.3.6 2020.4 through 2020.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Other or Unknown"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://help.salesforce.com/articleView?id=000357424\u0026type=1\u0026mode=1",
              "refsource": "MISC",
              "url": "https://help.salesforce.com/articleView?id=000357424\u0026type=1\u0026mode=1"
            },
            {
              "name": "20210408 [SYSS-2020-032] Open Redirect in Tableau Server (CVE-2021-1629)",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Apr/22"
            },
            {
              "name": "http://packetstormsecurity.com/files/162138/Tableau-Server-Open-Redirection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162138/Tableau-Server-Open-Redirection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
    "assignerShortName": "Salesforce",
    "cveId": "CVE-2021-1629",
    "datePublished": "2021-03-26T16:20:28",
    "dateReserved": "2020-12-02T00:00:00",
    "dateUpdated": "2024-08-03T16:18:10.880Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}