Lucene search

MitreCVELIST:CVE-2019-15637

HistoryAug 26, 2019 - 4:21 p.m.

CVE-2019-15637

2019-08-2616:21:07

mitre

www.cve.org

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

AI Score

7.7

Confidence

High

EPSS

0.077

Percentile

94.3%

JSON

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.

References

community.tableau.com/community/security-bulletins/blog/2019/08/22/important-adv-2019-030-xxe-vulnerability-in-tableau-products

github.com/minecrater/exploits/blob/master/TableauXXE.py

packetstormsecurity.com/files/154232/Tableau-XML-Injection.html

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

AI Score

7.7

Confidence

High

EPSS

0.077

Percentile

94.3%

JSON

Related for CVELIST:CVE-2019-15637