Highest overall severity: High

 

Summary:

A user connecting to a malicious Tableau Server instance with Tableau Prep Builder can trigger a vulnerability in the version of Electron used by Tableau Prep Builder. Electron is an open-source development framework.

 

Impact:

An attacker exploiting this vulnerability may be able to execute arbitrary code or cause a crash.

 

Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep Builder | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.

 

Tableau Server

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.

 

Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.

 

Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.

Tableau Prep Builder (Back to top of page)

Severity: High
CVSS3 Score: AV:N AC:H PR:N UI:R S:U C:H I:H A:H - 7.5 High
Product specific notes:

 

Vulnerable versions:

  • Tableau Prep Builder 2018.1.1 through 2019.1.2

 

Resolved in versions:

  • Tableau Prep Builder 2019.1.3

 

Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.

 

Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.

 

Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.