Summary:

Tableau Server makes use of the FlexNet Publishing (FNP) service to manage software licenses. The FNP service listens on all interfaces. For information about the ports that are used, see Tableau Services Manager Ports. We recommend that you follow item 6, "Restrict access to the server computer and to important directories" of the Tableau Server Security Hardening Checklist (Windows | Linux). Tableau Server is designed to operate in an isolated network. Therefore, if you are running Tableau Server on Linux, configure the host firewall. If you are running Tableau Server on Windows, verify that Windows Firewall is configured.

The following CVEs have been addressed:


Impact:

On Tableau Server on Windows the FNP service, running as process lmgrd, runs as the LocalService account. This account has limited access on the host but does have access to Tableau Server configuration secrets in versions 2018.2.0 and later. In versions 10.3 through 10.5, the FNP service runs as the LocalService account but does not have access to Tableau Server configuration data. On Tableau Server on Linux the FNP service, running as the process lmgrd, runs as the 'tableau' user and has access to all Tableau Server data.

 

Products and Versions: Tableau Server | Tableau Desktop | Tableau Bridge | Tableau Prep | Tableau Reader | Tableau Mobile | Tableau Public Desktop
*Versions that are no longer supported are not tested and may be vulnerable.


Tableau Server

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: None

Vulnerable versions:

  • Tableau Server on Linux 10.5 through 10.5.20
  • Tableau Server on Linux 2018.1 through 2018.1.17
  • Tableau Server on Linux 2018.2 through 2018.2.14
  • Tableau Server on Linux 2018.3 through 2018.3.11
  • Tableau Server on Linux 2019.1 through 2019.1.8
  • Tableau Server on Linux 2019.2 through 2019.2.4
  • Tableau Server on Linux 2019.3 through 2019.3.0

  • Tableau Server on Windows 10.3.0 through 10.3.X - will not be fixed
  • Tableau Server on Windows 10.4.0 through 10.4.21
  • Tableau Server on Windows 10.5.0 through 10.5.20
  • Tableau Server on Windows 2018.1 through 2018.1.17
  • Tableau Server on Windows 2018.2 through 2018.2.14
  • Tableau Server on Windows 2018.3 through 2018.3.11
  • Tableau Server on Windows 2019.1 through 2019.1.8
  • Tableau Server on Windows 2019.2 through 2019.2.4
  • Tableau Server on Windows 2019.3 through 2019.3.0


Resolved in versions:

  • Tableau Server on Linux 10.5.21
  • Tableau Server on Linux 2018.1.18
  • Tableau Server on Linux 2018.2.15
  • Tableau Server on Linux 2018.3.12
  • Tableau Server on Linux 2019.1.9
  • Tableau Server on Linux 2019.2.5
  • Tableau Server on Linux 2019.3.1

  • Tableau Server on Windows 10.4.22
  • Tableau Server on Windows 10.5.21
  • Tableau Server on Windows 2018.1.18
  • Tableau Server on Windows 2018.2.15
  • Tableau Server on Windows 2018.3.12
  • Tableau Server on Windows 2019.1.9
  • Tableau Server on Windows 2019.2.5
  • Tableau Server on Windows 2019.3.1

 

Tableau Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Bridge (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Prep (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Reader (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Mobile (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.

 

Tableau Public Desktop (Back to top of page)

Severity: N/A
CVSS3 Score: N/A
Product Specific Notes: Not affected.