Severity: High

 

Summary: Tableau Server installs and uses the Java JRE. The April 2018 updates to the Java JRE contained an unspecified high-severity issue (CVE-2018-2783) that may present a risk to Tableau Server.

 

Impact: From http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixJAVA :

(The vulnerability) applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

 

Vulnerable Versions: The following versions have this vulnerability:

Tableau Server: 9.2 through 9.2.24

Tableau Server: 9.3 through 9.3.22

Tableau Server: 10.0 through 10.0.18

Tableau Server: 10.1 through 10.1.17

Tableau Server: 10.2 through 10.2.13

Tableau Server: 10.3 through 10.3.11

Tableau Server: 10.4 through 10.4.7

Tableau Server on Windows: 10.5 through 10.5.4

Tableau Server on Linux: 10.5 through 10.5.4

Tableau Server on Windows: 2018.1.1

Tableau Server on Linux: 2018.1.1

 

Resolution: The issue can be fixed by upgrading to one of the following versions, each of which includes an updated version of the Java JRE:

Tableau Server: 9.2.25

Tableau Server: 9.3.23

Tableau Server: 10.0.19

Tableau Server: 10.1.18

Tableau Server: 10.2.14

Tableau Server: 10.3.12

Tableau Server: 10.4.8

Tableau Server on Windows: 10.5.5

Tableau Server on Linux: 10.5.5

Tableau Server on Windows: 2018.1.2

Tableau Server on Linux: 2018.1.2

 

More information: NIST CVE-2018-2783