Highest overall severity: High


Summary:

Two CVEs related to NTLM authentication with libcurl are addressed.
CVE-2018-16890
CVE-2019-3822


Impact:

When using NTLM to authenticate to a web site there is a possibility of an out-of-bounds read and write. This could lead to remote code execution or a crash.


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep Builder | Tableau Reader | Tableau Mobile | Tableau Public Desktop
Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Desktop (Back to top of page)

Severity: High CVSS3 Score: AV:N AC:H PR:N UI:R S:U C:H I:H A:H - 7.5
Product specific notes:
       Opening a malicious workbook or connecting to a malicious Tableau Server instance can trigger this vulnerability.


Vulnerable versions:

  • Tableau Desktop on Windows 10.1 through 10.1.22
  • Tableau Desktop on Windows 10.2 through 10.2.18
  • Tableau Desktop on Windows 10.3 through 10.3.18
  • Tableau Desktop on Windows 10.4 through 10.4.14
  • Tableau Desktop on Windows 10.5 through 10.5.13
  • Tableau Desktop on Windows 2018.1 through 2018.1.10
  • Tableau Desktop on Windows 2018.2 through 2018.2.7
  • Tableau Desktop on Windows 2018.3 through 2018.3.4
  • Tableau Desktop on Windows 2019.1 through 2019.1.1

  • Tableau Desktop on Mac 10.1 through 10.1.22
  • Tableau Desktop on Mac 10.2 through 10.2.18
  • Tableau Desktop on Mac 10.3 through 10.3.18
  • Tableau Desktop on Mac 10.4 through 10.4.14
  • Tableau Desktop on Mac 10.5 through 10.5.13
  • Tableau Desktop on Mac 2018.1 through 2018.1.10
  • Tableau Desktop on Mac 2018.2 through 2018.2.7
  • Tableau Desktop on Mac 2018.3 through 2018.3.4
  • Tableau Desktop on Mac 2019.1 through 2019.1.1


Resolved in versions:

  • Tableau Desktop on Windows 10.1.23
  • Tableau Desktop on Windows 10.2.19
  • Tableau Desktop on Windows 10.3.19
  • Tableau Desktop on Windows 10.4.15
  • Tableau Desktop on Windows 10.5.14
  • Tableau Desktop on Windows 2018.1.11
  • Tableau Desktop on Windows 2018.2.8
  • Tableau Desktop on Windows 2018.3.5
  • Tableau Desktop on Windows 2019.1.2

  • Tableau Desktop on Mac 10.1.23
  • Tableau Desktop on Mac 10.2.19
  • Tableau Desktop on Mac 10.3.19
  • Tableau Desktop on Mac 10.4.15
  • Tableau Desktop on Mac 10.5.14
  • Tableau Desktop on Mac 2018.1.11
  • Tableau Desktop on Mac 2018.2.8
  • Tableau Desktop on Mac 2018.3.5
  • Tableau Desktop on Mac 2019.1.2


Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Prep Builder (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.