2018 Security and Informational Bulletins

Version 1

    2018 Security Bulletins

    1. [Important] ADV-2018-001: Heap Overflow in Tableau Server and Tableau Desktop
    2. [Important] ADV-2018-002: Spectre Vulnerability in Tableau Desktop and Tableau Server
    3. [Important] ADV-2018-003: Cross-site Friendly User Name Disclosure on Tableau Server
    4. [Important] ADV-2018-004: Cross-site User Image Disclosure on Tableau Server
    5. [Important] ADV-2018-005: Tableau Services Manager Logs Sensitive Configuration Value
    6. [Important] ADV-2018-006: Tableau Services Manager exposes sensitive information
    7. [Important] ADV-2018-007: Tableau Server repository 'readonly' and 'tableau' have elevated access
    8. [Important] ADV-2018-008: Information disclosure for Tableau Server from authenticated API calls
    9. [Important] ADV-2018-009: Tableau Services Manager Exposes Sensitive Values
    10. [Important] ADV-2018-010: Code execution on Tableau Server and Tableau Desktop
    11. [Important] ADV-2018-011: Tableau Services Manager CLI Logs Sensitive Values
    12. [Important] ADV-2018-012: Unspecified High Severity Issue in Java JRE
    13. [Important] ADV-2018-013: Tabcmd Utility Logs Passwords
    14. [Important] ADV-2018-014: Web Authoring Does Not Respect “Require SSL” Option
    15. [Important] ADV-2018-015: Authentication bypass in REST service
    16. [Important] ADV-2018-016: Datasource Credentials Logged When Loglevel is set to Debug
    17. [Important] ADV-2018-017: Filenames within TFLX files are not properly validated
    18. [Important] ADV-2018-018: UnixODBC Driver Update
    19. [Important] ADV-2018-019: Malicious Dashboard Extensions Can Trigger JavaScript Vulnerability
    20. [Important] ADV-2018-020: Tableau Server Discloses Local IP Address in Redirect
    21. [Important] ADV-2018-021: Workbook XSS Vulnerability in Tableau Server
    22. [Important] ADV-2018-022: Tableau Server updates Java JRE for July 2018
    23. [Important] ADV-2018-023: Partial password written to log file
    24. [Important] ADV-2018-024: Malicious Workbook Can Result in Heap Corruption
    25. [Important] ADV-2018-025: TSM Web UI Session Does Not Expire
    26. [Important] ADV-2018-026: Backgrounder Service Fails to Process Job
    27. [Important] ADV-2018-027: Ziplogs Contain Sensitive Information

     

    2018 Informational Bulletins

    1. [Informational] INF-2018-001: CPU Speculative Execution Vulnerabilities