2015

Security Bulletins

December 2015

Severity: Medium

 

Summary: Under certain conditions a user might inadvertently store the credentials (such as username and password) for a data source (such as a database login) in a workbook. See this KB article for more information.

 

Vulnerable Versions: Tableau Desktop 8.2 (through 8.2.13), 8.3 (through 8.3.8), 9.0 (through 9.0.4)

Tableau Server 8.2 (through 8.2.13), 8.3 (through 8.3.8), 9.0 (through 9.0.4)

Tableau Online

 

Resolution: The issue can be fixed by upgrading to the following Tableau Server or Tableau Desktop versions:

Tableau Desktop 8.2.14

Tableau Desktop 8.3.9

Tableau Server 9.0.5

Severity: Medium

 

Summary: In Tableau Desktop for Mac, certificates that are configured as "Never Trust" in the keychain are trusted by Tableau Desktop. See this KB article for more information.

 

Vulnerable Versions:

Tableau Desktop 8.2 (through 8.2.15), 8.3 (through 8.3.10), 9.0 (through 9.0.7), 9.1.0 (through 9.1.1)

 

Conditions: This vulnerability only affects Tableau Desktop running on Mac OS X.

 

Resolution: The issue can be fixed by upgrading to the following Tableau Desktop versions:

Tableau Desktop: 8.2.16

Tableau Desktop: 8.3.11

Tableau Desktop: 9.1.2

Severity: High

 

Summary: The fix applied for ADV-2015-002 was incomplete and still left the opportunity for an authorized user to send carefully crafted input that results in disclosure of server configuration information. This KB article has been updated with new information.

 

Vulnerable Versions: Tableau Server 8.1 (through 8.1.24), 8.2 (through 8.2.17), 8.3 (through 8.3.12), 9.0 (through 9.0.11), 9.1 (through 9.1.5), 9.2 (through 9.2.3)

 

Resolution: The issue can be fixed by upgrading to the following Tableau Server versions:

Tableau Server: 8.1.25

Tableau Server: 8.2.18

Tableau Server: 8.3.13

Tableau Server: 9.0.12

Tableau Server: 9.1.6

Tableau Server: 9.2.4

Severity: Critical

 

Summary: A buffer overflow in the licensing component of Tableau Server can allow remote attackers to cause a denial of service or inject and run arbitrary code on the computer. See this security notice for more information.

 

Vulnerable Versions: Tableau Server 8.1 (through 8.1.23), 8.2 (through 8.2.16), 8.3 (through 8.3.11), 9.0 (through 9.0.8), 9.1 (through 9.1.2)

 

Resolution: The issue can be fixed by upgrading to the following Tableau Server versions:

Tableau Server 8.1.24

Tableau Server 8.2.17

Tableau Server 8.3.12

Tableau Server 9.0.9

Tableau Server 9.1.3