Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.
Max CVSS
9.8
EPSS Score
0.58%
Published
2022-10-17
Updated
2022-10-19
Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data.Tableau Server versions affected are:2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlierNote: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable.
Max CVSS
7.2
EPSS Score
0.08%
Published
2022-05-25
Updated
2022-06-07
Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users.
Max CVSS
6.1
EPSS Score
0.26%
Published
2021-03-26
Updated
2021-06-03
Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2.
Max CVSS
10.0
EPSS Score
0.22%
Published
2020-11-23
Updated
2020-12-08
A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files.
Max CVSS
7.5
EPSS Score
0.15%
Published
2020-07-08
Updated
2020-07-14
Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page.
Max CVSS
6.1
EPSS Score
0.13%
Published
2019-12-11
Updated
2019-12-12
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.
Max CVSS
8.1
EPSS Score
3.51%
Published
2019-08-26
Updated
2022-04-18
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!