Severity: High

 

Summary: A vulnerable version of Tableau Server configured for Site SAML contains a flaw that can be exploited by an attacker to log into a site that they are not a member of. The attacker must have site administrator privileges on a site on the same server.

Impact: An attacker could log into a site they do not have access to.

 

Vulnerable Versions: 10.0(through 10.0.12), 10.1 (through 10.1.10), 10.2 (through 10.2.4), 10.3 (through 10.3.2)

 

Resolution: The issue can be fixed by upgrading to the following versions:

 

Tableau Server 10.0.13

Tableau Server 10.1.11

Tableau Server 10.2.5

Tableau Server 10.3.3