Severity: High

 

Summary: Tableau Server makes use of the Java JRE. The July 2018 updates to the Java JRE contained an unspecified High severity issue (CVE-2018-2942) that might present a risk to Tableau Server.

 

Impact: From http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixJAVA

Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

 

This vulnerability may allow for the compromise of the integrity, confidentiality and availability of Tableau Server.

 

Vulnerable Versions:  The following versions have this vulnerability:

Tableau Server 10.0 through 10.0.20

Tableau Server 10.1 through 10.1.19

Tableau Server 10.2 through 10.2.15

Tableau Server 10.3 through 10.3.15

Tableau Server 10.4 through 10.4.11

Tableau Server 10.5 through 10.5.8

Tableau Server 2018.1 through 2018.1.5

Tableau Server 2018.2 through 2018.2.2

Tableau Server on Linux 10.5 through 10.5.8

Tableau Server on Linux 2018.1 through 2018.1.5

Tableau Server on Linux 2018.2 through 2018.2.2

 

 

Resolution: The issue can be fixed by upgrading to the following version:

Tableau Server 10.0.21

Tableau Server 10.1.20

Tableau Server 10.2.16

Tableau Server 10.3.16

Tableau Server 10.4.12

Tableau Server 10.5.9

Tableau Server 2018.1.6

Tableau Server 2018.2.3

Tableau Server on Linux 10.5.9

Tableau Server on Linux 2018.1.6

Tableau Server on Linux 2018.2.3