Summary: Thetabcmdutility logs all commands and their parameters to a local log file. When sensitive parameters are given, such as the password parameter used to authenticate to Tableau Server the value is written to the log in plaintext.
Impact: Malicious users with access to the tabcmd logs can access passwords that are used for authenticating to Tableau Server.
VulnerableVersions: The following versions have this vulnerability:
Tableau Server: 9.2 through 9.2.24
Tableau Server: 9.3 through 9.3.22
Tableau Server: 10.0 through 10.0.18
Tableau Server: 10.1 through 10.1.17
Tableau Server: 10.2 through 10.2.13
Tableau Server: 10.3 through 10.3.11
Tableau Server: 10.4 through 10.4.7
Tableau Server on Windows: 10.5 through 10.5.4
Tableau Server on Linux: 10.5 through 10.5.4
Tableau Server on Windows: 2018.1.1
Tableau Server on Linux: 2018.1.1
Resolution: The issue can be fixed by upgrading to the following version: