Severity: High


Summary:  An attacker can specially craft a Tableau Workbook to execute code on a victim's machine.  The attacker must convince the user to open the workbook to complete the attack. 


Vulnerable Versions: Tableau Desktop, Reader and Public 8.2.0 (through 8.2.19), 8.3.0 (through 8.3.14), 9.0.0 (through 9.0.16), 9.1.0 (through 9.1.12), 9.2.0 (through 9.2.11), 9.3.0 (through 9.3.6), 10.0.0


Resolution: The issue can be fixed by upgrading to the following Tableau Server versions:

Tableau Server 8.2.20

Tableau Server 8.3.15

Tableau Server 9.0.17

Tableau Server 9.1.13

Tableau Server 9.2.11

Tableau Server 9.3.7

Tableau Server 10.0.1


Workaround:  None


Acknowledgement:  This issue was found internally