Severity: Medium

 

Summary: Tableau Server includes an unauthenticated API that generates a non-trivial amount of work on the server.

 

Impact: Exploits of the unauthenticated API call could result in a slow or unresponsive Tableau Server.

 

Vulnerable Versions: Tableau Server 9.0 (through 9.0.22), 9.1 (through 9.1.19), 9.2 (through 9.2.18), 9.3 (through 9.3.15), 10.0 (through 10.0.10), 10.1 (through 10.1.8), 10.2 (through 10.2.2).

 

Resolution: The issue can be fixed by upgrading to the following Tableau Server versions:

Tableau Server: 9.0.23

Tableau Server: 9.1.20

Tableau Server: 9.2.19

Tableau Server: 9.3.16

Tableau Server: 10.0.11

Tableau Server: 10.1.9

Tableau Server: 10.2.3