Severity: High

 

Summary:  An attacker can specially craft a Tableau Workbook to execute code on a victim's machine.  The attacker must convince the user to open the workbook to complete the attack. 

 

Vulnerable Versions: Tableau Desktop, Reader and Public 8.2.0 (through 8.2.19), 8.3.0 (through 8.3.14), 9.0.0 (through 9.0.16), 9.1.0 (through 9.1.12), 9.2.0 (through 9.2.11), 9.3.0 (through 9.3.6), 10.0.0

 

Resolution: The issue can be fixed by upgrading to the following Tableau Server versions:

Tableau Server 8.2.20

Tableau Server 8.3.15

Tableau Server 9.0.17

Tableau Server 9.1.13

Tableau Server 9.2.11

Tableau Server 9.3.7

Tableau Server 10.0.1

 

Workaround:  None

 

Acknowledgement:  This issue was found internally