Highest overall severity: Medium


Summary:

The Tableau Prep Builder CLI tool logs complete requests made to Tableau Server. The sign in request contains the username and password used to authenticate to Tableau Server when publishing a data source.


Impact:

Users with access to the Tableau Prep Builder CLI log files can learn the username and password used to authenticate to Tableau Server.


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep Builder | Tableau Reader | Tableau Mobile | Tableau Public Desktop
Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Prep Builder (Back to top of page)

Severity: Medium
CVSS3 Score: AV:L AC:L PR:L UI:N S:U C:H I:N A:N - 5.5 Medium
Product specific notes:


Vulnerable versions:

  • Tableau Prep Builder 2018.1.1 through 2019.1.3


Resolved in versions:

  • Tableau Prep Builder 2019.1.4


Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.