Skip navigation
1 2 3 Previous Next

Security Bulletins

148 posts

Highest overall severity: Medium


Summary:

When using an ODBC Data Source Name, sensitive values configured in the DSN can appear in the debug logs.


Impact:

Access to the log files can expose sensitive values.


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: Medium
CVSS3 Score: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N - 4.4 Medium
Product Specific Notes: This only occurs when the log.level is set to Debug.

Vulnerable versions:

  • Tableau Server on Linux 10.5.0 through 10.5.22
  • Tableau Server on Linux 2018.1.0 through 2018.1.19
  • Tableau Server on Linux 2018.2.0 through 2018.2.16
  • Tableau Server on Linux 2018.3.0 through 2018.3.13
  • Tableau Server on Linux 2019.1.0 through 2019.1.11
  • Tableau Server on Linux 2019.2.0 through 2019.2.7
  • Tableau Server on Linux 2019.3.0 through 2019.3.3


Resolved in versions:

  • Tableau Server on Linux 10.5.23
  • Tableau Server on Linux 2018.1.20
  • Tableau Server on Linux 2018.2.17
  • Tableau Server on Linux 2018.3.14
  • Tableau Server on Linux 2019.1.12
  • Tableau Server on Linux 2019.2.8
  • Tableau Server on Linux 2019.3.4


Tableau Desktop (Back to top of page)

Severity: Medium
CVSS3 Score: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N - 4.4 Medium
Product Specific Notes: This only occurs when the log.level is set to Debug.

Vulnerable versions:

  • Tableau Desktop on Mac 10.4.0 through 10.4.23
  • Tableau Desktop on Mac 10.5.0 through 10.5.22
  • Tableau Desktop on Mac 2018.1.0 through 2018.1.19
  • Tableau Desktop on Mac 2018.2.0 through 2018.2.16
  • Tableau Desktop on Mac 2018.3.0 through 2018.3.13
  • Tableau Desktop on Mac 2019.1.0 through 2019.1.11
  • Tableau Desktop on Mac 2019.2.0 through 2019.2.7
  • Tableau Desktop on Mac 2019.3.0 through 2019.3.3


Resolved in versions:

  • Tableau Desktop on Mac 10.4.24
  • Tableau Desktop on Mac 10.5.23
  • Tableau Desktop on Mac 2018.1.20
  • Tableau Desktop on Mac 2018.2.17
  • Tableau Desktop on Mac 2018.3.14
  • Tableau Desktop on Mac 2019.1.12
  • Tableau Desktop on Mac 2019.2.8
  • Tableau Desktop on Mac 2019.3.4


Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

Highest overall severity: High


Summary:

Multiple fixes have been addressed for vulnerabilities in QtWebEngine.

The following CVEs have been addressed:


Impact:

Attacker might cause denial of service or read data in memory.


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: Medium
CVSS3 Score: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H - 6.5 Medium
Product Specific Notes: None.

Vulnerable versions:

  • Tableau Server on Linux 10.4 through 10.4.23
  • Tableau Server on Linux 10.5 through 10.5.22
  • Tableau Server on Linux 2018.1 through 2018.1.19
  • Tableau Server on Linux 2018.2 through 2018.2.16
  • Tableau Server on Linux 2018.3 through 2018.3.13
  • Tableau Server on Linux 2019.1 through 2019.1.11
  • Tableau Server on Linux 2019.2 through 2019.2.7
  • Tableau Server on Linux 2019.3 through 2019.3.3
  • Tableau Server on Linux 2019.4 through 2019.4.1

  • Tableau Server on Windows 10.4 through 10.4.23
  • Tableau Server on Windows 10.5 through 10.5.22
  • Tableau Server on Windows 2018.1 through 2018.1.19
  • Tableau Server on Windows 2018.2 through 2018.2.16
  • Tableau Server on Windows 2018.3 through 2018.3.13
  • Tableau Server on Windows 2019.1 through 2019.1.11
  • Tableau Server on Windows 2019.2 through 2019.2.7
  • Tableau Server on Windows 2019.3 through 2019.3.3
  • Tableau Server on Windows 2019.4 through 2019.4.1


Resolved in versions:

  • Tableau Server on Linux 10.4.24
  • Tableau Server on Linux 10.5.23
  • Tableau Server on Linux 2018.1.20
  • Tableau Server on Linux 2018.2.17
  • Tableau Server on Linux 2018.3.14
  • Tableau Server on Linux 2019.1.12
  • Tableau Server on Linux 2019.2.8
  • Tableau Server on Linux 2019.3.4
  • Tableau Server on Linux 2019.4.2

  • Tableau Server on Windows 10.4.24
  • Tableau Server on Windows 10.5.23
  • Tableau Server on Windows 2018.1.20
  • Tableau Server on Windows 2018.2.17
  • Tableau Server on Windows 2018.3.14
  • Tableau Server on Windows 2019.1.12
  • Tableau Server on Windows 2019.2.8
  • Tableau Server on Windows 2019.3.4
  • Tableau Server on Windows 2019.4.2


Tableau Desktop (Back to top of page)

Severity: High
CVSS3 Score: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H - 7.0 High
Product Specific Notes: None.

Vulnerable versions:

  • Tableau Desktop on Mac 10.4 through 10.4.23
  • Tableau Desktop on Mac 10.5 through 10.5.22
  • Tableau Desktop on Mac 2018.1 through 2018.1.19
  • Tableau Desktop on Mac 2018.2 through 2018.2.16
  • Tableau Desktop on Mac 2018.3 through 2018.3.13
  • Tableau Desktop on Mac 2019.1 through 2019.1.11
  • Tableau Desktop on Mac 2019.2 through 2019.2.7
  • Tableau Desktop on Mac 2019.3 through 2019.3.3
  • Tableau Desktop on Mac 2019.4 through 2019.4.1

  • Tableau Desktop on Windows 10.4 through 10.4.23
  • Tableau Desktop on Windows 10.5 through 10.5.22
  • Tableau Desktop on Windows 2018.1 through 2018.1.19
  • Tableau Desktop on Windows 2018.2 through 2018.2.16
  • Tableau Desktop on Windows 2018.3 through 2018.3.13
  • Tableau Desktop on Windows 2019.1 through 2019.1.11
  • Tableau Desktop on Windows 2019.2 through 2019.2.7
  • Tableau Desktop on Windows 2019.3 through 2019.3.3
  • Tableau Desktop on Windows 2019.4 through 2019.4.1


Resolved in versions:

  • Tableau Desktop on Mac 10.4.24
  • Tableau Desktop on Mac 10.5.23
  • Tableau Desktop on Mac 2018.1.20
  • Tableau Desktop on Mac 2018.2.17
  • Tableau Desktop on Mac 2018.3.14
  • Tableau Desktop on Mac 2019.1.12
  • Tableau Desktop on Mac 2019.2.8
  • Tableau Desktop on Mac 2019.3.4
  • Tableau Desktop on Mac 2019.4.2

  • Tableau Desktop on Windows 10.4.23
  • Tableau Desktop on Windows 10.5.22
  • Tableau Desktop on Windows 2018.1.20
  • Tableau Desktop on Windows 2018.2.17
  • Tableau Desktop on Windows 2018.3.14
  • Tableau Desktop on Windows 2019.1.12
  • Tableau Desktop on Windows 2019.2.8
  • Tableau Desktop on Windows 2019.3.4
  • Tableau Desktop on Windows 2019.4.2


Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

Highest overall severity: High


Summary:

Various memory corruption issues exist in Tableau products.


Impact:

An attacker exploiting this vulnerability may be able to execute arbitrary code or cause a crash.


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: High
CVSS3 Score: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H - 7.5 High
Product Specific Notes: An authenticated user that is able to publish a workbook to Tableau Server can trigger this vulnerability.

Vulnerable versions:

  • Tableau Server on Linux 10.5.0 through 10.5.22
  • Tableau Server on Linux 2018.1.0 through 2018.1.19
  • Tableau Server on Linux 2018.2.0 through 2018.2.16
  • Tableau Server on Linux 2018.3.0 through 2018.3.13
  • Tableau Server on Linux 2019.1.0 through 2019.1.11
  • Tableau Server on Linux 2019.2.0 through 2019.2.7
  • Tableau Server on Linux 2019.3.0 through 2019.3.3
  • Tableau Server on Linux 2019.4.0 through 2019.4.1

  • Tableau Server on Windows 10.4.0 through 10.4.23
  • Tableau Server on Windows 10.5.0 through 10.5.22
  • Tableau Server on Windows 2018.1.0 through 2018.1.19
  • Tableau Server on Windows 2018.2.0 through 2018.2.16
  • Tableau Server on Windows 2018.3.0 through 2018.3.13
  • Tableau Server on Windows 2019.1.0 through 2019.1.11
  • Tableau Server on Windows 2019.2.0 through 2019.2.7
  • Tableau Server on Windows 2019.3.0 through 2019.3.3
  • Tableau Server on Windows 2019.4.0 through 2019.4.1


Resolved in versions:

  • Tableau Server on Linux 10.5.23
  • Tableau Server on Linux 2018.1.20
  • Tableau Server on Linux 2018.2.17
  • Tableau Server on Linux 2018.3.14
  • Tableau Server on Linux 2019.1.12
  • Tableau Server on Linux 2019.2.8
  • Tableau Server on Linux 2019.3.4
  • Tableau Server on Linux 2019.4.2

  • Tableau Server on Windows 10.4.24
  • Tableau Server on Windows 10.5.23
  • Tableau Server on Windows 2018.1.20
  • Tableau Server on Windows 2018.2.17
  • Tableau Server on Windows 2018.3.14
  • Tableau Server on Windows 2019.1.12
  • Tableau Server on Windows 2019.2.8
  • Tableau Server on Windows 2019.3.4
  • Tableau Server on Windows 2019.4.2


Tableau Desktop (Back to top of page)

Severity: High
CVSS3 Score: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H - 7.0 High
Product Specific Notes: Opening a malicious workbook can trigger this vulnerability.

Vulnerable versions:

  • Tableau Desktop on Mac 10.4.0 through 10.4.23
  • Tableau Desktop on Mac 10.5.0 through 10.5.22
  • Tableau Desktop on Mac 2018.1.0 through 2018.1.19
  • Tableau Desktop on Mac 2018.2.0 through 2018.2.16
  • Tableau Desktop on Mac 2018.3.0 through 2018.3.13
  • Tableau Desktop on Mac 2019.1.0 through 2019.1.11
  • Tableau Desktop on Mac 2019.2.0 through 2019.2.7
  • Tableau Desktop on Mac 2019.3.0 through 2019.3.3
  • Tableau Desktop on Mac 2019.4.0 through 2019.4.1

  • Tableau Desktop on Windows 10.4.0 through 10.4.23
  • Tableau Desktop on Windows 10.5.0 through 10.5.22
  • Tableau Desktop on Windows 2018.1.0 through 2018.1.19
  • Tableau Desktop on Windows 2018.2.0 through 2018.2.16
  • Tableau Desktop on Windows 2018.3.0 through 2018.3.13
  • Tableau Desktop on Windows 2019.1.0 through 2019.1.11
  • Tableau Desktop on Windows 2019.2.0 through 2019.2.7
  • Tableau Desktop on Windows 2019.3.0 through 2019.3.3
  • Tableau Desktop on Windows 2019.4.0 through 2019.4.1


Resolved in versions:

  • Tableau Desktop on Mac 10.4.24
  • Tableau Desktop on Mac 10.5.23
  • Tableau Desktop on Mac 2018.1.20
  • Tableau Desktop on Mac 2018.2.17
  • Tableau Desktop on Mac 2018.3.14
  • Tableau Desktop on Mac 2019.1.12
  • Tableau Desktop on Mac 2019.2.8
  • Tableau Desktop on Mac 2019.3.4
  • Tableau Desktop on Mac 2019.4.2

  • Tableau Desktop on Windows 10.4.24
  • Tableau Desktop on Windows 10.5.23
  • Tableau Desktop on Windows 2018.1.20
  • Tableau Desktop on Windows 2018.2.17
  • Tableau Desktop on Windows 2018.3.14
  • Tableau Desktop on Windows 2019.1.12
  • Tableau Desktop on Windows 2019.2.8
  • Tableau Desktop on Windows 2019.3.4
  • Tableau Desktop on Windows 2019.4.2


Tableau Bridge (Back to top of page)

Severity: High
CVSS3 Score: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H - 7.0 High
Product Specific Notes: None.

Vulnerable versions:

  • Tableau Bridge on Windows 2018.2 through 20194.19.1211.1636


Resolved in versions:

  • Tableau Bridge on Windows 20194.20.0110.1800


Tableau Prep Builder (Back to top of page)

Severity: High
CVSS3 Score: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H - 7.0 High
Product Specific Notes: Opening a malicious flow can trigger this vulnerability.

Vulnerable versions:

  • Tableau Prep on Mac 2018.1.1 through 2019.4.2

  • Tableau Prep on Windows 2018.1.1 through 2019.4.2


Resolved in versions:

  • Tableau Prep on Mac 2020.1.1

  • Tableau Prep on Windows 2020.1.1


Tableau Reader (Back to top of page)

Severity: High
CVSS3 Score: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H - 7.0 High
Product Specific Notes: Opening a malicious workbook can trigger this vulnerability.

Vulnerable versions:

  • Tableau Reader on Mac 10.4 through 2019.4.1

  • Tableau Reader on Windows 10.4 through 2019.4.1


Resolved in versions:

  • Tableau Reader on Mac 2019.4.2

  • Tableau Reader on Windows 2019.4.2


Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Public Desktop (Back to top of page)

Severity: High
CVSS3 Score: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H - 7.0 High
Product Specific Notes: Opening a malicious workbook can trigger this vulnerability.

Vulnerable versions:

  • Tableau Public Desktop on Mac 10.4 through 2019.4.1

  • Tableau Public Desktop on Windows 10.4 through 2019.4.1


Resolved in versions:

  • Tableau Public Desktop on Mac 2019.4.2

  • Tableau Public Desktop on Windows 2019.4.2

Highest overall severity: Medium


Summary:

HTML chacaters are not properly encoded in emails sent to users who are tagged in comments. The previous fix (ADV-2019-041) addressing this vulnerability was  incomplete.


Impact:

A Tableau user can craft phishing emails to other Tableau Server users.


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: Medium
CVSS3 Score: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N - 4.3 Medium
Product Specific Notes: None.

Vulnerable versions:

  • Tableau Server on Linux 2018.2.0 through 2018.2.16
  • Tableau Server on Linux 2018.3.0 through 2018.3.13
  • Tableau Server on Linux 2019.1.0 through 2019.1.11
  • Tableau Server on Linux 2019.2.0 through 2019.2.7
  • Tableau Server on Linux 2019.3.0 through 2019.3.3
  • Tableau Server on Linux 2019.4.0 through 2019.4.1

  • Tableau Server on Windows 2018.2.0 through 2018.2.16
  • Tableau Server on Windows 2018.3.0 through 2018.3.13
  • Tableau Server on Windows 2019.1.0 through 2019.1.11
  • Tableau Server on Windows 2019.2.0 through 2019.2.7
  • Tableau Server on Windows 2019.3.0 through 2019.3.3
  • Tableau Server on Windows 2019.4.0 through 2019.4.1


Resolved in versions:

  • Tableau Server on Linux 2018.2.17
  • Tableau Server on Linux 2018.3.14
  • Tableau Server on Linux 2019.1.12
  • Tableau Server on Linux 2019.2.8
  • Tableau Server on Linux 2019.3.4
  • Tableau Server on Linux 2019.4.2

  • Tableau Server on Windows 2018.2.17
  • Tableau Server on Windows 2018.3.14
  • Tableau Server on Windows 2019.1.12
  • Tableau Server on Windows 2019.2.8
  • Tableau Server on Windows 2019.3.4
  • Tableau Server on Windows 2019.4.2


Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

Highest overall severity: High


Summary:

Under certain circumstances, Tableau Server removes authentication on a JMX server, which may allow Remote Code Execution.


Impact:

An attacker can execute arbitrary commands on vulnerable Tableau Server if the JMX RMI port is not protected.


Mitigation:

Implement a host firewall like described in [Step 5 in Tableau server hardening guide] (https://help.tableau.com/current/server/en-us/security_harden.htm) will mitigate this vulnerability


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: High
CVSS3 Score: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - 7.2 High
Product Specific Notes: Not affected.

Vulnerable versions:

  • Tableau Server on Linux 2019.1 through 2019.1.11
  • Tableau Server on Linux 2019.2 through 2019.2.7
  • Tableau Server on Linux 2019.3 through 2019.3.3
  • Tableau Server on Linux 2019.4 through 2019.4.1

  • Tableau Server on Windows 2019.1 through 2019.1.11
  • Tableau Server on Windows 2019.2 through 2019.2.7
  • Tableau Server on Windows 2019.3 through 2019.3.3
  • Tableau Server on Windows 2019.4 through 2019.4.1


Resolved in versions:

  • Tableau Server on Linux 2019.1.12
  • Tableau Server on Linux 2019.2.8
  • Tableau Server on Linux 2019.3.4
  • Tableau Server on Linux 2019.4.2

  • Tableau Server on Windows 2019.1.12
  • Tableau Server on Windows 2019.2.8
  • Tableau Server on Windows 2019.3.4
  • Tableau Server on Windows 2019.4.2


Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

Highest overall severity: Medium


Summary:

When connecting to a datasource from an OAuth connection an error may occur that displays exception information in the return URL. In some cases, the exception information contains the access token used to authenticate to the datasource.


Impact:

URLs appear in browser history and commonly appear in server and proxy logs, thereby potentially exposing the access token to unauthorized users.


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: Medium
CVSS3 Score: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N - 6.0 Medium
Product Specific Notes: None.

Vulnerable versions:

  • Tableau Server on Linux 10.5.0 through 10.5.22
  • Tableau Server on Linux 2018.1.0 through 2018.1.19
  • Tableau Server on Linux 2018.2.0 through 2018.2.16
  • Tableau Server on Linux 2018.3.0 through 2018.3.13
  • Tableau Server on Linux 2019.1.0 through 2019.1.11
  • Tableau Server on Linux 2019.2.0 through 2019.2.7
  • Tableau Server on Linux 2019.3.0 through 2019.3.3
  • Tableau Server on Linux 2019.4.0 through 2019.4.1

  • Tableau Server on Windows 10.4.0 through 10.4.23
  • Tableau Server on Windows 10.5.0 through 10.5.22
  • Tableau Server on Windows 2018.1.0 through 2018.1.19
  • Tableau Server on Windows 2018.2.0 through 2018.2.16
  • Tableau Server on Windows 2018.3.0 through 2018.3.13
  • Tableau Server on Windows 2019.1.0 through 2019.1.11
  • Tableau Server on Windows 2019.2.0 through 2019.2.7
  • Tableau Server on Windows 2019.3.0 through 2019.3.3
  • Tableau Server on Windows 2019.4.0 through 2019.4.1


Resolved in versions:

  • Tableau Server on Linux 10.5.23
  • Tableau Server on Linux 2018.1.20
  • Tableau Server on Linux 2018.2.17
  • Tableau Server on Linux 2018.3.14
  • Tableau Server on Linux 2019.1.12
  • Tableau Server on Linux 2019.2.8
  • Tableau Server on Linux 2019.3.4
  • Tableau Server on Linux 2019.4.2

  • Tableau Server on Windows 10.4.24
  • Tableau Server on Windows 10.5.23
  • Tableau Server on Windows 2018.1.20
  • Tableau Server on Windows 2018.2.17
  • Tableau Server on Windows 2018.3.14
  • Tableau Server on Windows 2019.1.12
  • Tableau Server on Windows 2019.2.8
  • Tableau Server on Windows 2019.3.4
  • Tableau Server on Windows 2019.4.2


Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

Highest overall severity: Medium


Summary:

File paths of temporary files are included in the user-facing error messages after a publishing attempt fails.


Impact:

Users can learn some information about the Tableau Server file hierarchy.


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: Medium
CVSS3 Score: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N - 4.3 Medium
Product Specific Notes: None.

Vulnerable versions:

  • Tableau Server on Linux 10.4 through 10.4.22
  • Tableau Server on Linux 10.5 through 10.5.21
  • Tableau Server on Linux 2018.1 through 2018.1.18
  • Tableau Server on Linux 2018.2 through 2018.2.16
  • Tableau Server on Linux 2018.3 through 2018.3.13
  • Tableau Server on Linux 2019.1 through 2019.1.11
  • Tableau Server on Linux 2019.2 through 2019.2.7
  • Tableau Server on Linux 2019.3 through 2019.3.3
  • Tableau Server on Linux 2019.4 through 2019.4.1

  • Tableau Server on Windows 10.4 through 10.4.22
  • Tableau Server on Windows 10.5 through 10.5.21
  • Tableau Server on Windows 2018.1 through 2018.1.18
  • Tableau Server on Windows 2018.2 through 2018.2.16
  • Tableau Server on Windows 2018.3 through 2018.3.13
  • Tableau Server on Windows 2019.1 through 2019.1.11
  • Tableau Server on Windows 2019.2 through 2019.2.7
  • Tableau Server on Windows 2019.3 through 2019.3.3
  • Tableau Server on Windows 2019.4 through 2019.4.1


Resolved in versions:

  • Tableau Server on Linux 10.4.23
  • Tableau Server on Linux 10.5.22
  • Tableau Server on Linux 2018.1.19
  • Tableau Server on Linux 2018.2.17
  • Tableau Server on Linux 2018.3.14
  • Tableau Server on Linux 2019.1.12
  • Tableau Server on Linux 2019.2.8
  • Tableau Server on Linux 2019.3.4
  • Tableau Server on Linux 2019.4.2

  • Tableau Server on Windows 10.4.23
  • Tableau Server on Windows 10.5.22
  • Tableau Server on Windows 2018.1.19
  • Tableau Server on Windows 2018.2.17
  • Tableau Server on Windows 2018.3.14
  • Tableau Server on Windows 2019.1.12
  • Tableau Server on Windows 2019.2.8
  • Tableau Server on Windows 2019.3.4
  • Tableau Server on Windows 2019.4.2


Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

Highest overall severity: High


Summary:

Tableau Server configured with an external Active Directory identity store can be forced to attempt to find users in a domain other than the one configured. An unauthenticated attacker can capture the Tableau Server Run As service account NTLMv1 password hash during this operation.


Impact:

The Run As service account password could be discovered by a brute-force attack of the NTLMv1 hash.


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: High
CVSS3 Score: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - 7.5 High
Product Specific Notes: This only affects Tableau Servers configured to use an Active Directory identity store.

Vulnerable versions:

  • Tableau Server on Linux 10.5.0 through 10.5.22
  • Tableau Server on Linux 2018.1.0 through 2018.1.19
  • Tableau Server on Linux 2018.2.0 through 2018.2.16
  • Tableau Server on Linux 2018.3.0 through 2018.3.13
  • Tableau Server on Linux 2019.1.0 through 2019.1.11
  • Tableau Server on Linux 2019.2.0 through 2019.2.7
  • Tableau Server on Linux 2019.3.0 through 2019.3.3
  • Tableau Server on Linux 2019.4.0 through 2019.4.1

  • Tableau Server on Windows 10.4.0 through 10.4.23
  • Tableau Server on Windows 10.5.0 through 10.5.22
  • Tableau Server on Windows 2018.1.0 through 2018.1.19
  • Tableau Server on Windows 2018.2.0 through 2018.2.16
  • Tableau Server on Windows 2018.3.0 through 2018.3.13
  • Tableau Server on Windows 2019.1.0 through 2019.1.11
  • Tableau Server on Windows 2019.2.0 through 2019.2.7
  • Tableau Server on Windows 2019.3.0 through 2019.3.3
  • Tableau Server on Windows 2019.4.0 through 2019.4.1


Resolved in versions:

  • Tableau Server on Linux 10.5.23
  • Tableau Server on Linux 2018.1.20
  • Tableau Server on Linux 2018.2.17
  • Tableau Server on Linux 2018.3.14
  • Tableau Server on Linux 2019.1.12
  • Tableau Server on Linux 2019.2.8
  • Tableau Server on Linux 2019.3.4
  • Tableau Server on Linux 2019.4.2

  • Tableau Server on Windows 10.4.24
  • Tableau Server on Windows 10.5.23
  • Tableau Server on Windows 2018.1.20
  • Tableau Server on Windows 2018.2.17
  • Tableau Server on Windows 2018.3.14
  • Tableau Server on Windows 2019.1.12
  • Tableau Server on Windows 2019.2.8
  • Tableau Server on Windows 2019.3.4
  • Tableau Server on Windows 2019.4.2


Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Acknowledgement: This vulnerability was discovered by Jason Juntunen.

Highest overall severity: Medium


Summary:

An unspecified a JavaScript command lacks proper input validation that can result in files being written to an attacker-controlled location.


Impact:

Overwriting files may result in Tableau Server failing to operate.


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: Medium
CVSS3 Score: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H - 6.5 Medium
Product Specific Notes:

Vulnerable versions:

  • Tableau Server on Linux 2019.1 through 2019.1.11
  • Tableau Server on Linux 2019.2 through 2019.2.7
  • Tableau Server on Linux 2019.3 through 2019.3.3
  • Tableau Server on Linux 2019.4 through 2019.4.1

  • Tableau Server on Windows 2019.1 through 2019.1.11
  • Tableau Server on Windows 2019.2 through 2019.2.7
  • Tableau Server on Windows 2019.3 through 2019.3.3
  • Tableau Server on Windows 2019.4 through 2019.4.1


Resolved in versions:

  • Tableau Server on Linux 2019.1.12
  • Tableau Server on Linux 2019.2.8
  • Tableau Server on Linux 2019.3.4
  • Tableau Server on Linux 2019.4.2

  • Tableau Server on Windows 2019.1.12
  • Tableau Server on Windows 2019.2.8
  • Tableau Server on Windows 2019.3.4
  • Tableau Server on Windows 2019.4.2


Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

Highest overall severity: Medium


Summary:

Tableau Data Catalog metadata that includes specific embedded parameters and are published to Tableau Server may cause a XSS vulnerability in Tableau Server.


Impact:

When users open the Data Catalog tab in Tableau Server and click on embedded text, arbitrary Javascript may run in their browser session.


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: Medium
CVSS3 Score: AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N - 6.8 Medium
Product Specific Notes: None.

Vulnerable versions:

  • Tableau Server on Linux 10.5 through 10.5.22
  • Tableau Server on Linux 2018.1 through 2018.1.19
  • Tableau Server on Linux 2018.2 through 2018.2.16
  • Tableau Server on Linux 2018.3 through 2018.3.13
  • Tableau Server on Linux 2019.1 through 2019.1.11
  • Tableau Server on Linux 2019.2 through 2019.2.7
  • Tableau Server on Linux 2019.3 through 2019.3.3
  • Tableau Server on Linux 2019.4 through 2019.4.1

  • Tableau Server on Windows 10.4 through 10.4.23
  • Tableau Server on Windows 10.5 through 10.5.22
  • Tableau Server on Windows 2018.1 through 2018.1.19
  • Tableau Server on Windows 2018.2 through 2018.2.16
  • Tableau Server on Windows 2018.3 through 2018.3.13
  • Tableau Server on Windows 2019.1 through 2019.1.11
  • Tableau Server on Windows 2019.2 through 2019.2.7
  • Tableau Server on Windows 2019.3 through 2019.3.3
  • Tableau Server on Windows 2019.4 through 2019.4.1


Resolved in versions:

  • Tableau Server on Linux 10.5.23
  • Tableau Server on Linux 2018.1.20
  • Tableau Server on Linux 2018.2.17
  • Tableau Server on Linux 2018.3.14
  • Tableau Server on Linux 2019.1.12
  • Tableau Server on Linux 2019.2.8
  • Tableau Server on Linux 2019.3.4
  • Tableau Server on Linux 2019.4.2

  • Tableau Server on Windows 10.4.24
  • Tableau Server on Windows 10.5.23
  • Tableau Server on Windows 2018.1.20
  • Tableau Server on Windows 2018.2.17
  • Tableau Server on Windows 2018.3.14
  • Tableau Server on Windows 2019.1.12
  • Tableau Server on Windows 2019.2.8
  • Tableau Server on Windows 2019.3.4
  • Tableau Server on Windows 2019.4.2


Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.


Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

Highest overall severity: Medium


Summary:

An unspecified API does not protect the user from cross-site request forgery.


Impact:

An attacker who is able to persuade a victim to visit a malicious website can change a setting for a user on Tableau Server.

 

Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: Medium
CVSS3 Score: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N - 4.3 Medium
Product Specific Notes: None.

Vulnerable versions:

  • Tableau Server on Linux 10.5 through 10.5.21
  • Tableau Server on Linux 2018.1 through 2018.1.18
  • Tableau Server on Linux 2018.2 through 2018.2.15
  • Tableau Server on Linux 2018.3 through 2018.3.12
  • Tableau Server on Linux 2019.1 through 2019.1.10
  • Tableau Server on Linux 2019.2 through 2019.2.6
  • Tableau Server on Linux 2019.3 through 2019.3.2
  • Tableau Server on Linux 2019.4 through 2019.4.0

  • Tableau Server on Windows 10.4 through 10.4.22
  • Tableau Server on Windows 10.5 through 10.5.21
  • Tableau Server on Windows 2018.1 through 2018.1.18
  • Tableau Server on Windows 2018.2 through 2018.2.15
  • Tableau Server on Windows 2018.3 through 2018.3.12
  • Tableau Server on Windows 2019.1 through 2019.1.10
  • Tableau Server on Windows 2019.2 through 2019.2.6
  • Tableau Server on Windows 2019.3 through 2019.3.2
  • Tableau Server on Windows 2019.4 through 2019.4.0


Resolved in versions:

  • Tableau Server on Linux 10.5.22
  • Tableau Server on Linux 2018.1.19
  • Tableau Server on Linux 2018.2.16
  • Tableau Server on Linux 2018.3.13
  • Tableau Server on Linux 2019.1.11
  • Tableau Server on Linux 2019.2.7
  • Tableau Server on Linux 2019.3.3
  • Tableau Server on Linux 2019.4.1

  • Tableau Server on Windows 10.4.23
  • Tableau Server on Windows 10.5.22
  • Tableau Server on Windows 2018.1.19
  • Tableau Server on Windows 2018.2.16
  • Tableau Server on Windows 2018.3.13
  • Tableau Server on Windows 2019.1.11
  • Tableau Server on Windows 2019.2.7
  • Tableau Server on Windows 2019.3.3
  • Tableau Server on Windows 2019.4.1

 

Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

Highest overall severity: Medium


Summary:

Extracts created on Tableau Server with web authoring are not encrypted even if "Encrypted" was selected.


Impact:

Extracts that Tableau Server reports as encrypted are stored in plaintext.

 

Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: Medium
CVSS3 Score: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N - 4.7 Medium
Product Specific Notes: None.

Vulnerable versions:

  • Tableau Server on Linux 2019.4 through 2019.4.0

  • Tableau Server on Windows 2019.4 through 2019.4.0


Resolved in versions:

  • Tableau Server on Linux 2019.4.1

  • Tableau Server on Windows 2019.4.1

 

Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

Highest overall severity: Medium


Summary:

Unspecified APIs allow for a user with access to a particular sheet to see all datasource fields in the related workbook.


Impact:

A Tableau Server user can learn the existenice of datasource field names that they do not have access to.

 

Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: Medium
CVSS3 Score: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N - 6.5 Medium
Product Specific Notes: This only occurs on Tableau Server installs with the Data Management add-on.

Vulnerable versions:

  • Tableau Server on Linux 2019.3 through 2019.3.2
  • Tableau Server on Linux 2019.4 through 2019.4.0

  • Tableau Server on Windows 2019.3 through 2019.3.2
  • Tableau Server on Windows 2019.4 through 2019.4.0


Resolved in versions:

  • Tableau Server on Linux 2019.3.3
  • Tableau Server on Linux 2019.4.1

  • Tableau Server on Windows 2019.3.3
  • Tableau Server on Windows 2019.4.1

 

Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

Highest overall severity: Medium


Summary:

An unspecified API lacks proper input validation that can result in files being written to an attacker-controlled location.


Impact:

Overwriting files may result in Tableau Server failing to operate.

 

Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: Medium
CVSS3 Score: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H - 6.5 Medium
Product Specific Notes: None.

Vulnerable versions:

  • Tableau Server on Linux 2019.4 through 2019.4.0

  • Tableau Server on Windows 2019.4 through 2019.4.0


Resolved in versions:

  • Tableau Server on Linux 2019.4.1

  • Tableau Server on Windows 2019.4.1

 

Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

Highest overall severity: Medium


Summary:

Tableau Server uses the Java JRE. The October 2019 update to the Java JRE contained an unspecified Medium severity issue (CVE-2019-2958) that might present a risk to Tableau Server. We have upgraded to the October 2019 release of the JRE that contains fixes for other CVEs as well.

 

The following CVEs have been addressed:

 

 


Impact:
From https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixJAVA This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

 

Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server
Severity: Medium
CVSS3 Score: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N - 5.3 Medium
Product Specific Notes: None.
Vulnerable versions:

  • Tableau Server on Linux 10.5 through 10.5.21
  • Tableau Server on Linux 2018.1 through 2018.1.18
  • Tableau Server on Linux 2018.2 through 2018.2.15
  • Tableau Server on Linux 2018.3 through 2018.3.12
  • Tableau Server on Linux 2019.1 through 2019.1.10
  • Tableau Server on Linux 2019.2 through 2019.2.6
  • Tableau Server on Linux 2019.3 through 2019.3.2
  • Tableau Server on Linux 2019.4 through 2019.4.0

  • Tableau Server on Windows 10.4 through 10.4.22
  • Tableau Server on Windows 10.5 through 10.5.21
  • Tableau Server on Windows 2018.1 through 2018.1.18
  • Tableau Server on Windows 2018.2 through 2018.2.15
  • Tableau Server on Windows 2018.3 through 2018.3.12
  • Tableau Server on Windows 2019.1 through 2019.1.10
  • Tableau Server on Windows 2019.2 through 2019.2.6
  • Tableau Server on Windows 2019.3 through 2019.3.2
  • Tableau Server on Windows 2019.4 through 2019.4.0


Resolved in versions:

  • Tableau Server on Linux 10.5.22
  • Tableau Server on Linux 2018.1.19
  • Tableau Server on Linux 2018.2.16
  • Tableau Server on Linux 2018.3.13
  • Tableau Server on Linux 2019.1.11
  • Tableau Server on Linux 2019.2.7
  • Tableau Server on Linux 2019.3.3
  • Tableau Server on Linux 2019.4.1

  • Tableau Server on Windows 10.4.23
  • Tableau Server on Windows 10.5.22
  • Tableau Server on Windows 2018.1.19
  • Tableau Server on Windows 2018.2.16
  • Tableau Server on Windows 2018.3.13
  • Tableau Server on Windows 2019.1.11
  • Tableau Server on Windows 2019.2.7
  • Tableau Server on Windows 2019.3.3
  • Tableau Server on Windows 2019.4.1

 

Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.