) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:tableau:tableau_server:2018.3.17:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2020-6939 |
Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2. Published: November 23, 2020; 12:15:12 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
| CVE-2020-6938 |
A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files. Published: July 08, 2020; 12:15:11 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2019-19719 |
Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page. Published: December 10, 2019; 11:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15637 |
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop. Published: August 26, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 5.5 MEDIUM |