Severity: Critical

 

Summary: Heartbleed is a critical security vulnerability in the OpenSSL library (version 1.0.1). OpenSSL is an open source software that is used by many websites and software products, including some Tableau products.

 

Impact: The Heartbleed vulnerability allows a remote attacker to read client or server application memory. This can allow for encryption keys to be read, which can enable the decrypting of data obtained by intercepting traffic. For example, passwords or other sensitive data could be accessed. Tableau’s Desktop products use OpenSSL to negotiate the security protocol from the server to the desktop, including both Tableau Server and Tableau Desktop products that communicate with other servers. For example a dashboard with a web page component embedded in it may access a remote SSL-enabled server.

 

Vulnerable Versions: Tableau Desktop 8.1.0 (through 8.1.5), 8.2.0 Beta, Tableau Server 8.1.0 (through 8.1.5), 8.2.0 Beta, Tableau Reader 8.1.0 (through 8.1.5)

 

Resolution: Upgrade Tableau to the following Versions:

Tableau Desktop: 8.1.6

Tableau Desktop: 8.2.0

Tableau Server: 8.1.6

Tableau Server: 8.2.0

Tableau Public: 8.1.6

 

 

For more information and questions see Heartbleed information document: Heartbleed Vulnerability | Tableau Software