Summary: An attacker can specially craft a Tableau Workbook to execute code on a victim's machine. The attacker must convince the user to open the workbook to complete the attack.
Vulnerable Versions: Tableau Desktop, Reader and Public 8.2.0 (through 8.2.19), 8.3.0 (through 8.3.14), 9.0.0 (through 9.0.16), 9.1.0 (through 9.1.12), 9.2.0 (through 9.2.11), 9.3.0 (through 9.3.6), 10.0.0
Resolution: The issue can be fixed by upgrading to the following Tableau Server versions:
Tableau Server 8.2.20
Tableau Server 8.3.15
Tableau Server 9.0.17
Tableau Server 9.1.13
Tableau Server 9.2.11
Tableau Server 9.3.7
Tableau Server 10.0.1
Acknowledgement: This issue was found internally
Become a Viz Whiz on the Forums!
Support the Community and master Tableau.