Severity: High

 

Summary: An authenticated remote attacker can send a specially crafted message that can result in the disclosure of information from Tableau Server.

 

Impact: Exploits of the authenticated API call can result in the disclosure of information that the Tableau Server Run As User service account has access to.

 

Vulnerable Versions: 9.3.0 (through 9.3.15), 10.0.0 (through 10.0.10), 10.1.0 (through 10.1.8), 10.2.0 (through 10.2.2), 10.3.0

 

Workarounds: None

 

Resolution: The issue can be fixed by upgrading to the following Tableau Server versions:

Tableau Server: 9.3.16

Tableau Server: 10.0.11

Tableau Server: 10.1.9

Tableau Server: 10.2.3

Tableau Server: 10.3.1