Severity: High


Summary: A vulnerable version of Tableau Server configured for Site SAML contains a flaw that can be exploited by an attacker to log into a site that they are not a member of. The attacker must have site administrator privileges on a site on the same server.

Impact: An attacker could log into a site they do not have access to.


Vulnerable Versions: 10.0(through 10.0.12), 10.1 (through 10.1.10), 10.2 (through 10.2.4), 10.3 (through 10.3.2)


Resolution: The issue can be fixed by upgrading to the following versions:


Tableau Server 10.0.13

Tableau Server 10.1.11

Tableau Server 10.2.5

Tableau Server 10.3.3