• [Important] ADV-2017-022: Site SAML logs are available to non-administrator users on Tableau Server

    Severity: Medium   Summary:  A vulnerable version of Tableau Server configured for Site SAML contains a flaw that can be exploited by an authenticated user. The user, after authenticating to a given site, c...
    John Speare
    last modified by John Speare
  • Questions and Answers regarding ADV-2017-013: Privilege escalation in Tableau Server

    The following contains more details regarding the security bulletin ADV-2017-013: Unauthenticated privilege escalation when Server SAML is configured on Tableau Server   Below are details on: How to check if you...
    Matt Gizbert
    last modified by Matt Gizbert
  • Questions and Answers regarding ADV-2017-001: Privilege escalation in Tableau Server

    The following contains more details regarding the security bulletin ADV-2017-001: Privilege escalation in Tableau Server   Below are details on: How to check if your system is vulnerable How to mitigate the vul...
    Erik Pearson
    last modified by Erik Pearson
  • Heartbleed Vulnerability

    Article Note: This article is no longer actively maintained by Tableau. We continue to make it available because the information is still valuable, but some steps may vary due to product changes. If you or your organ...
    Erik Pearson
    last modified by Erik Pearson
  • ADV-2015-001 Security Advisory: Buffer Overflow Vulnerability

    Severity: Critical   Description: Due to a buffer overflow in a third-party component of Tableau Server, remote attackers could cause a denial of service or inject and run arbitrary code on the computer running ...
    Erik Pearson
    last modified by Erik Pearson
  • ADV-2015-002 Security Advisory: Server Configure Information Disclosure

    Severity: High   Description: An authorized user can send carefully crafted input that results in disclosure of server configuration information.   Vulnerable Versions: Tableau Server 8.1 (through 8.1.23),...
    Erik Pearson
    last modified by Erik Pearson
  • ADV-2016-001 Security Advisory: Salesforce Canvas Adapter for Tableau Can Allow Unauthorized User Impersonation

    Severity: Medium   Description: When Salesforce Canvas Adapter for Tableau (also known as Tableau Sparkler) is used with Salesforce, under certain circumstances an authenticated user can impersonate another Tabl...
    Erik Pearson
    last modified by Erik Pearson
  • ADV-2016-005: Security Advisory: Information disclosure in Tableau Server

    Severity: High   Description: An unauthenticated remote attacker can send a specially crafted message that results in the disclosure of information from Tableau Server.   Vulnerable Versions: Tableau Serve...
    Erik Pearson
    last modified by Erik Pearson
  • ADV-2015-003 Security Advisory: Saved Workbooks May Contain Data Source Credentials

    Severity: Medium   Description: Under certain conditions a user might inadvertently store the credentials (such as username and password) for a data source (such as a database login) in a workbook.   Vulne...
    Erik Pearson
    last modified by Erik Pearson
  • Security Advisory: Guest Users Can See Data As the Publisher User

    Severity: Low   Summary: Under certain conditions a user who accesses a workbook as a Guest user can view data as the publisher of the data.   Vulnerable Versions: Tableau Server 9.0.0 (through 9.0.2) ...
    Erik Pearson
    last modified by Erik Pearson
  • Security Advisory: On Locked or Suspended Sites, Customers Can Sign In Using Trusted Tickets

    Severity: Medium   Summary: Users who access Tableau Server using trusted authentication can still sign in to sites that have been suspended or locked. Sites can be suspended by a server administrator, and can be...
    Erik Pearson
    last modified by Erik Pearson
  • Security Advisory: Users Can Be Impersonated

    Severity: High   Summary: A user can send a specially crafted request to Tableau Server that allows the user to impersonate a different user.   Vulnerable Versions: Tableau Server 8.1 (through 8.1.20), 8.2 (...
    Erik Pearson
    last modified by Erik Pearson
  • Security Advisory: Workbook Shows Data From Different Site

    Severity: Medium   Summary: Under certain conditions, a workbook viewed on Tableau Server shows data from a published data source on another site.   Vulnerable Versions: Tableau Server 9.0 (through 9.0.2) ...
    Erik Pearson
    last modified by Erik Pearson
  • [Important] ADV-2016-004- Information Regarding: CVE-2016-2107

    Severity: Medium   Summary: On May 3, 2016 OpenSSL announced a patch for a medium severity vulnerability, CVE-2016-2107 which may continue to impact Tableau Server users.   Vulnerable versions: Tableau Ser...
    Erik Pearson
    last modified by Erik Pearson
  • [Informational] INF-2016-007: May 3, 2016 Open SSL Vulnerabilities

    Summary: OpenSSL announced two high severity vulnerabilities, CVE-2016-2108 and CVE-2016-2107. Please see ADV-2016-004- Information Regarding: CVE-2016-2107 and ADV-2016-003- Information Regarding: CVE-2016-2108 for t...
    Erik Pearson
    last modified by Erik Pearson
  • ADV-2016-003- Information Regarding: CVE-2016-2108

    Severity: High   Summary: On May 3, 2016 OpenSSL announced a patch for a high severity vulnerability, CVE-2016-2108 which may continue to impact Tableau Server users.   Vulnerable Versions: Tableau Server...
    Erik Pearson
    last modified by Erik Pearson
  • [Informational] INF-2016-006: Tableau Software Products Unaffected by CVE-2016-0800 “DROWN”

    Summary: On March 1, 2016, a new vulnerability in OpenSSL that affects servers using SSLv2 was revealed: CVE-2016-0800. The vulnerability, also known as DROWN, is an attack that could decrypt secure HTTPS ...
    Erik Pearson
    last modified by Erik Pearson
  • [Important] ADV-2016-002: Tableau Statement on glibc Vulnerability

    Summary: On February 16, 2016, Google and Red Hat announced a high-severity vulnerability in the glibc library. No Tableau products include the glibc library.   However, the Tableau SDK for Linux links to whatev...
    Erik Pearson
    last modified by Erik Pearson
  • [Informational] INF-2016-005: Installation Failed When Downloading Products on Mac

    Summary: You may have noticed an error message that is displayed when downloading Tableau products using Mac computers indicating that "The installation failed. The Installer encountered an error that caused the insta...
    Erik Pearson
    last modified by Erik Pearson