Severity: High

 

Summary: Tableau Desktop and Tableau server uses a version of FlexNet Publisher that contains a vulnerability. The vulnerability can be exploited by malicious, local users on Windows systems.

 

Impact: Attackers may gain elevated privileges on the computer running Tableau Desktop for Windows or on Tableau Server.

Vulnerable Versions: Tableau Desktop for Windows and Tableau Server 9.0.0 (through 9.0.23), 9.1.0 (through 9.1.20), 9.2.0 (through 9.2.19) 9.3.0 (through 9.3.17), 10.0.0 (through 10.0.12), 10.1.0 (through 10.1.10), 10.2.0 (through 10.2.4), 10.3.0 (through 10.3.2) and 10.4.0.

 

Mitigation: None.

 

Resolution: The issue can be fixed by upgrading to the following versions:

 

Tableau Server and Tableau Desktop 9.0.24

Tableau Server and Tableau Desktop 9.1.21

Tableau Server and Tableau Desktop 9.2.20

Tableau Server and Tableau Desktop 9.3.18

Tableau Server and Tableau Desktop 10.0.13

Tableau Server and Tableau Desktop 10.1.11

Tableau Server and Tableau Desktop 10.2.5

Tableau Server and Tableau Desktop 10.3.3

Tableau Server and Tableau Desktop 10.4.1

 

More information: https://nvd.nist.gov/vuln/detail/CVE-2016-10395

 

Updates:

 

9/20/17 - corrected Resolution to include Tableau Desktop

9/25/17 - added 10.4 to the Vulnerable Versions List

10/18/17 - updated Resolution to include versions 9.0-9.3

11/9/17 - updated Resolution to include version 10.4