Summary: A vulnerable version of Tableau Server configured for Site SAML contains a flaw that can be exploited by an attacker to log into a site that they are not a member of. The attacker must have site administrator privileges on a site on the same server.
Impact: An attacker could log into a site they do not have access to.
Vulnerable Versions: 10.0(through 10.0.12), 10.1 (through 10.1.10), 10.2 (through 10.2.4), 10.3 (through 10.3.2)
Resolution: The issue can be fixed by upgrading to the following versions:
Tableau Server 10.0.13
Tableau Server 10.1.11
Tableau Server 10.2.5
Tableau Server 10.3.3