Vulnerability Details : CVE-2020-6939
Tableau Server installations configured with Site-Specific SAML allow the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2.
Products affected by CVE-2020-6939
- cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-6939
- EPSS score: 0.22% (probability of exploitation activity in the next 30 days)
- Percentile: ~60% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-6939
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
References for CVE-2020-6939
- https://help.salesforce.com/articleView?id=000355686&type=1&mode=1 (Site-Specific SAML vulnerability affecting Tableau Server; Third Party Advisory)