Highest overall severity: Medium


Summary:

Tableau Server generates an error page that contains a user-supplied string.


Impact:

A user that clicks on a link will be presented an error message that contains a string entered by another user.


Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep Builder | Tableau Reader | Tableau Mobile | Tableau Public Desktop
Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: Medium

CVSS3 Score: AV:N AC:L PR:N UI:R S:C C:N I:L A:N - 4.7 Medium


Vulnerable versions:

  • Tableau Server on Windows 2018.2 through 2018.2.9
  • Tableau Server on Windows 2018.3 through 2018.3.6
  • Tableau Server on Windows 2019.1 through 2019.1.3

  • Tableau Server on Windows 2018.2 through 2018.2.9
  • Tableau Server on Windows 2018.3 through 2018.3.6
  • Tableau Server on Windows 2019.1 through 2019.1.3


Resolved in versions:

  • Tableau Server on Windows 2018.2.10
  • Tableau Server on Windows 2019.3.7
  • Tableau Server on Windows 2019.1.4

  • Tableau Server on Linux 2018.2.10
  • Tableau Server on Linux 2019.3.7
  • Tableau Server on Linux 2019.1.4


Tableau Desktop (Back to top of page)

Severity: N/A

CVSS3 Score: N/A

Product specific notes:  Not affected.


Tableau Bridge (Back to top of page)

Severity: N/A

CVSS3 Score: N/A

Product specific notes:  Not affected.


Tableau Prep Builder (Back to top of page)

Severity: N/A

CVSS3 Score: N/A

Product specific notes:  Not affected.


Tableau Reader (Back to top of page)

Severity: N/A

CVSS3 Score: N/A

Product specific notes:  Not affected.


Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product specific notes: Not affected.


Tableau Public Desktop (Back to top of page)

Severity: N/A

CVSS3 Score: N/A

Product specific notes:  Not affected.