| Added |
CVSS V3 |
|
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
| Added |
CVSS V2 |
|
(AV:N/AC:L/Au:S/C:P/I:N/A:P)
|
| Added |
CWE |
|
CWE-611
|
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 10.2 up to (including) 10.2.23
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 10.3 up to (including) 10.3.23
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 10.4 up to (including) 10.4.19
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 10.5 up to (including) 10.5.18
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 2018.1 up to (including) 2018.1.15
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 2018.2 up to (including) 2018.2.12
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 2018.3 up to (including) 2018.3.9
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 2019.1 up to (including) 2019.1.6
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 2019.2 up to (including) 2019.2.2
OR
cpe:2.3:o:apple:mac_os:-:*:*:*:*:*:*:*
|
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 10.2 up to (including) 10.2.23
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 10.3 up to (including) 10.3.23
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 10.4 up to (including) 10.4.19
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 10.5 up to (including) 10.5.18
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 2018.1 up to (including) 2018.1.15
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 2018.2 up to (including) 2018.2.12
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 2018.3 up to (including) 2018.3.9
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 2019.1 up to (including) 2019.1.6
*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:* versions from (including) 2019.2 up to (including) 2019.2.2
OR
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
|
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:a:tableau:tableau_public_desktop:*:*:*:*:*:*:*:* versions from (including) 10.2 up to (including) 10.2.2
OR
cpe:2.3:o:apple:mac_os:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
|
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:a:tableau:tableau_reader:*:*:*:*:*:*:*:* versions from (including) 10.2 up to (including) 10.2.2
OR
cpe:2.3:o:apple:mac_os:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
|
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* versions from (including) 10.2 up to (including) 10.2.23
*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* versions from (including) 10.3 up to (including) 10.3.23
*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* versions from (including) 10.4 up to (including) 10.4.19
*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* versions from (including) 10.5 up to (including) 10.5.18
*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* versions from (including) 2018.1 up to (including) 2018.1.15
*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* versions from (including) 2018.2 up to (including) 2018.12
*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* versions from (including) 2018.3 up to (including) 2018.3.9
*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* versions from (including) 2019.1 up to (including) 2019.1.6
*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* versions from (including) 2019.2 up to (including) 2019.2.2
OR
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
|
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* versions from (including) 10.5 up to (including) 10.5.18
*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* versions from (including) 2018.1 up to (including) 2018.1.15
*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* versions from (including) 2018.2 up to (including) 2018.12
*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* versions from (including) 2018.3 up to (including) 2018.3.9
*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* versions from (including) 2019.1 up to (including) 2019.1.6
*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* versions from (including) 2019.2 up to (including) 2019.2.2
OR
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
|
| Changed |
Reference Type |
https://community.tableau.com/community/security-bulletins/blog/2019/08/22/important-adv-2019-030-xxe-vulnerability-in-tableau-products No Types Assigned
|
https://community.tableau.com/community/security-bulletins/blog/2019/08/22/important-adv-2019-030-xxe-vulnerability-in-tableau-products Vendor Advisory
|
| Changed |
Reference Type |
https://github.com/minecrater/exploits/blob/master/TableauXXE.py No Types Assigned
|
https://github.com/minecrater/exploits/blob/master/TableauXXE.py Exploit, Third Party Advisory
|
| Changed |
Reference Type |
https://packetstormsecurity.com/files/154232/Tableau-XML-Injection.html No Types Assigned
|
https://packetstormsecurity.com/files/154232/Tableau-XML-Injection.html Exploit, Third Party Advisory, VDB Entry
|
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
