Lucene search
K
TableauTableau Server

22 matches found

CVE
CVE
added 2025/02/11 5:56 p.m.388 views

CVE-2025-26495

CVE-2025-26495 affects Salesforce Tableau Server. The issue is Cleartext Storage of Sensitive Information: Personal Access Tokens (PAT) can be recorded in logging repositories. Affected Tableau Server versions include pre-2022.1.3, pre-2021.4.8, pre-2021.3.13, pre-2021.2.14, pre-2021.1.16, and pr...

7.5CVSS6.6AI score0.00311EPSS
CVE
CVE
added 2019/08/26 4:21 p.m.248 views

CVE-2019-15637

CVE-2019-15637 affects Tableau products (Server/Desktop/Reader/Public Desktop) and is an XXE vulnerability triggered by malicious workbook, extension, or data source. Root cause: XML External Entity processing can lead to information disclosure or DoS. Public references confirm Tableau XXE and in...

8.1CVSS7.5AI score0.14314EPSS
CVE
CVE
added 2021/03/26 4:20 p.m.198 views

CVE-2021-1629

Tableau Server (Tableau Server) is affected by CVE-2021-1629, an open redirect vulnerability arising from the server’s inability to validate certain URLs embedded in emails sent to users. This could allow an attacker to redirect a user to a malicious site via a link in a shared/view email. The is...

6.1CVSS6.2AI score0.01338EPSS
CVE
CVE
added 2019/12/11 3:5 a.m.134 views

CVE-2019-19719

CVE-2019-19719 affects Tableau Server 10.3–2019.4 on Windows and Linux. The vulnerability is an XSS flaw exposed via the embeddedAuthRedirect page, as documented in Red Hat, OpenVAS, and CVE entries. The issue stems from improper handling on the embeddedAuthRedirect flow, enabling cross-site scri...

6.1CVSS5.9AI score0.22037EPSS
CVE
CVE
added 2020/11/23 4:16 p.m.122 views

CVE-2020-6939

CVE-2020-6939 affects Tableau Server installations with Site-Specific SAML and allows the APIs to be used by unauthenticated users. The vulnerability could enable an attacker to configure Site-Specific SAML settings and potentially take over user accounts on the affected site. Affected versions o...

10CVSS9.3AI score0.01804EPSS
CVE
CVE
added 2022/05/25 1:56 p.m.113 views

CVE-2022-22127

Tableau Server (Local Identity Store) is affected by a broken access control vulnerability (CVE-2022-22127). A malicious site administrator can change passwords for users across different sites hosted on the same Tableau Server, enabling unauthorized access to data. Affected versions include 2020...

7.2CVSS6.9AI score0.0097EPSS
CVE
CVE
added 2025/02/11 5:33 p.m.111 views

CVE-2025-26494

CVE-2025-26494 is a Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server that enables authentication bypass on Tableau Server versions 2023.3 through 2023.3.5. The connected sources corroborate the SSRF and the affected range; Red Hat and PT-Security entries provide concr...

7.7CVSS6.7AI score0.00527EPSS
CVE
CVE
added 2022/10/17 12:0 a.m.85 views

CVE-2022-22128

CVE-2022-22128 describes a path traversal vulnerability in Tableau Server’s Administration Agent internal file transfer service that could allow a remote attacker to execute arbitrary code. Affected component: Tableau Server Administration Agent’s file transfer service. Root cause: path traversal...

9.8CVSS9.7AI score0.0134EPSS
CVE
CVE
added 2025/08/22 8:10 p.m.63 views

CVE-2025-26496

CVE-2025-26496 concerns a Type Confusion vulnerability in Salesforce Tableau Server and Tableau Desktop (Windows, Linux) within their File Upload modules, enabling Local Code Inclusion. Affected versions include Tableau Server/Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19. The issu...

9.3CVSS9.8AI score0.00208EPSS
CVE
CVE
added 2025/07/25 7:0 p.m.59 views

CVE-2025-52452

CVE-2025-52452 is a path traversal vulnerability in Salesforce Tableau Server , affecting Tableau Server on Windows and Linux via the tabdoc API and duplicate-data-source modules. The issue allows absolute path traversal and impacts Tableau Server versions prior to 2025.1.3, prior to 2024.2.12, a...

8.5CVSS7AI score0.00416EPSS
CVE
CVE
added 2020/07/08 3:2 p.m.52 views

CVE-2020-6938

CVE-2020-6938 affects Tableau Server (versions 10.5, 2018.x, 2019.x, 2020.x released before 26 June 2020). The vulnerability allows access to sensitive information present in log files. The connected documents do not provide concrete technical details such as the exact vulnerable component, root ...

7.5CVSS7.1AI score0.01223EPSS
CVE
CVE
added 2025/07/25 6:53 p.m.33 views

CVE-2025-52448

CVE-2025-52448 : An authorization bypass in Salesforce Tableau Server on Windows and Linux stems from a vulnerability in the validate-initial-sql API modules that allows interface manipulation and data access to the production database cluster via a user-controlled key. Affected Tableau Server ve...

8.1CVSS6.5AI score0.00335EPSS
CVE
CVE
added 2025/07/25 6:43 p.m.32 views

CVE-2025-52446

CVE-2025-52446 is a verified vulnerability in Salesforce Tableau Server (Windows and Linux) where an authorization bypass occurs via a user-controlled key in the tab-doc API modules, enabling interface manipulation and potential access to the production database cluster. Affected versions are Tab...

8CVSS6.6AI score0.00229EPSS
CVE
CVE
added 2025/07/25 6:50 p.m.32 views

CVE-2025-52447

Summary of CVE-2025-52447: Affected product is Tableau Server (Salesforce) on Windows and Linux. The vulnerability arises from an authorization bypass through the user-controlled set-initial-sql tabdoc command modules, enabling interface manipulation and potential data access to the production da...

8.1CVSS6.7AI score0.00342EPSS
CVE
CVE
added 2025/07/25 6:56 p.m.29 views

CVE-2025-52449

CVE-2025-52449 affects Salesforce Tableau Server’s Extensible Protocol Service modules. An unchecked or unrestricted upload of files with dangerous types can lead to remote code execution via deceptive filenames, as described for Tableau Server versions prior to 2025.1.3, 2024.2.12, and 2023.3.19...

8.5CVSS7.2AI score0.00246EPSS
CVE
CVE
added 2025/07/25 7:5 p.m.24 views

CVE-2025-52453

CVE-2025-52453 is a Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows and Linux, specifically in the Flow Data Source modules, that enables Resource Location Spoofing. Affected Tableau Server versions are before 2025.1.3, before 2024.2.12, and before 2023.3....

8.2CVSS6.7AI score0.00288EPSS
CVE
CVE
added 2025/07/25 7:8 p.m.24 views

CVE-2025-52454

Summary (CVE-2025-52454) : A Server-Side Request Forgery (SSRF) vulnerability exists in Salesforce Tableau Server on Windows and Linux via the Amazon S3 Connector modules, enabling Resource Location Spoofing. Affected versions are Tableau Server before 2025.1.3, before 2024.2.12, and before 2023....

8.2CVSS6.7AI score0.00288EPSS
CVE
CVE
added 2025/08/22 8:13 p.m.23 views

CVE-2025-26497

CVE-2025-26497 affects Salesforce Tableau Server (Flow Editor modules) and enables an Unrestricted Upload of a Dangerous File Type leading to Absolute Path Traversal. Affected are Tableau Server versions prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.19. Root cause: arbitrary file upl...

7.3CVSS6.7AI score0.00254EPSS
CVE
CVE
added 2025/08/22 8:20 p.m.22 views

CVE-2025-52451

CVE-2025-52451 describes an improper input validation in Tableau Server's tabdoc api, specifically the create-data-source-from-file-upload module, enabling Absolute Path Traversal on Tableau Server installations. Affected versions are Tableau Server before 2025.1.3, before 2024.2.12, and before 2...

8.5CVSS6.7AI score0.00194EPSS
CVE
CVE
added 2025/07/25 7:11 p.m.22 views

CVE-2025-52455

Summary (CVE-2025-52455) : This SSRF (Resource Location Spoofing) vulnerability affects Salesforce Tableau Server on Windows and Linux within the EPS Server modules. Concrete details in connected documents show affected versions: Tableau Server before 2025.1.3, before 2024.2.12, and before 2023.3...

5.3CVSS6.7AI score0.00319EPSS
CVE
CVE
added 2025/08/22 8:16 p.m.18 views

CVE-2025-26498

CVE-2025-26498 affects Tableau Server (Salesforce Tableau Server on Windows/Linux) due to an Unrestricted Upload of File with Dangerous Type via the establish-connection-no-undo modules, enabling absolute path traversal. Affected versions are Tableau Server prior to 2025.1.3, prior to 2024.2.12, ...

7.3CVSS6.7AI score0.00254EPSS
CVE
CVE
added 2025/08/22 8:18 p.m.18 views

CVE-2025-52450

CVE-2025-52450 describes an Absolute Path Traversal in Salesforce Tableau Server on Windows and Linux via the abdoc api - create-data-source-from-file-upload modules. Affected Tableau Server versions are before 2025.1.3, before 2024.2.12, and before 2023.3.19. The vulnerability is triggered by im...

6.5CVSS6.5AI score0.00379EPSS