Severity: High


Summary: This vulnerability requires that a malicious user embeds specific parameters in a Tableau workbook. The malicious user must also have rights to publish the workbook on Tableau Server. Alternatively, the malicious user must convince a victim to open the affected workbook in Tableau Desktop.


Impact: A memory corruption error can occur. This memory corruption might result in arbitrary code execution or a crash.


Vulnerable Versions:  The following versions have this vulnerability:

Tableau Server 2018.3.0

Tableau Server on Linux 2018.3.0


Tableau Desktop 2018.3.0



Resolution: The issue can be fixed by upgrading to the following version:

Tableau Server 2018.3.1

Tableau Server on Linux 2018.3.1


Tableau Desktop 2018.3.1