Summary: An authenticated remote attacker can send a specially crafted message that can result in the disclosure of information from Tableau Server.
Impact: Exploits of the authenticated API call can result in the disclosure of information that the Tableau Server Run As User service account has access to.
Vulnerable Versions: 9.3.0 (through 9.3.15), 10.0.0 (through 10.0.10), 10.1.0 (through 10.1.8), 10.2.0 (through 10.2.2), 10.3.0
Resolution: The issue can be fixed by upgrading to the following Tableau Server versions:
Tableau Server: 9.3.16
Tableau Server: 10.0.11
Tableau Server: 10.1.9
Tableau Server: 10.2.3
Tableau Server: 10.3.1