22 matches found
CVE-2025-26495
CVE-2025-26495 affects Salesforce Tableau Server. The issue is Cleartext Storage of Sensitive Information: Personal Access Tokens (PAT) can be recorded in logging repositories. Affected Tableau Server versions include pre-2022.1.3, pre-2021.4.8, pre-2021.3.13, pre-2021.2.14, pre-2021.1.16, and pr...
CVE-2019-15637
CVE-2019-15637 affects Tableau products (Server/Desktop/Reader/Public Desktop) and is an XXE vulnerability triggered by malicious workbook, extension, or data source. Root cause: XML External Entity processing can lead to information disclosure or DoS. Public references confirm Tableau XXE and in...
CVE-2021-1629
Tableau Server (Tableau Server) is affected by CVE-2021-1629, an open redirect vulnerability arising from the server’s inability to validate certain URLs embedded in emails sent to users. This could allow an attacker to redirect a user to a malicious site via a link in a shared/view email. The is...
CVE-2019-19719
CVE-2019-19719 affects Tableau Server 10.3–2019.4 on Windows and Linux. The vulnerability is an XSS flaw exposed via the embeddedAuthRedirect page, as documented in Red Hat, OpenVAS, and CVE entries. The issue stems from improper handling on the embeddedAuthRedirect flow, enabling cross-site scri...
CVE-2020-6939
CVE-2020-6939 affects Tableau Server installations with Site-Specific SAML and allows the APIs to be used by unauthenticated users. The vulnerability could enable an attacker to configure Site-Specific SAML settings and potentially take over user accounts on the affected site. Affected versions o...
CVE-2022-22127
Tableau Server (Local Identity Store) is affected by a broken access control vulnerability (CVE-2022-22127). A malicious site administrator can change passwords for users across different sites hosted on the same Tableau Server, enabling unauthorized access to data. Affected versions include 2020...
CVE-2025-26494
CVE-2025-26494 is a Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server that enables authentication bypass on Tableau Server versions 2023.3 through 2023.3.5. The connected sources corroborate the SSRF and the affected range; Red Hat and PT-Security entries provide concr...
CVE-2022-22128
CVE-2022-22128 describes a path traversal vulnerability in Tableau Server’s Administration Agent internal file transfer service that could allow a remote attacker to execute arbitrary code. Affected component: Tableau Server Administration Agent’s file transfer service. Root cause: path traversal...
CVE-2025-26496
CVE-2025-26496 concerns a Type Confusion vulnerability in Salesforce Tableau Server and Tableau Desktop (Windows, Linux) within their File Upload modules, enabling Local Code Inclusion. Affected versions include Tableau Server/Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19. The issu...
CVE-2025-52452
CVE-2025-52452 is a path traversal vulnerability in Salesforce Tableau Server , affecting Tableau Server on Windows and Linux via the tabdoc API and duplicate-data-source modules. The issue allows absolute path traversal and impacts Tableau Server versions prior to 2025.1.3, prior to 2024.2.12, a...
CVE-2020-6938
CVE-2020-6938 affects Tableau Server (versions 10.5, 2018.x, 2019.x, 2020.x released before 26 June 2020). The vulnerability allows access to sensitive information present in log files. The connected documents do not provide concrete technical details such as the exact vulnerable component, root ...
CVE-2025-52448
CVE-2025-52448 : An authorization bypass in Salesforce Tableau Server on Windows and Linux stems from a vulnerability in the validate-initial-sql API modules that allows interface manipulation and data access to the production database cluster via a user-controlled key. Affected Tableau Server ve...
CVE-2025-52446
CVE-2025-52446 is a verified vulnerability in Salesforce Tableau Server (Windows and Linux) where an authorization bypass occurs via a user-controlled key in the tab-doc API modules, enabling interface manipulation and potential access to the production database cluster. Affected versions are Tab...
CVE-2025-52447
Summary of CVE-2025-52447: Affected product is Tableau Server (Salesforce) on Windows and Linux. The vulnerability arises from an authorization bypass through the user-controlled set-initial-sql tabdoc command modules, enabling interface manipulation and potential data access to the production da...
CVE-2025-52449
CVE-2025-52449 affects Salesforce Tableau Server’s Extensible Protocol Service modules. An unchecked or unrestricted upload of files with dangerous types can lead to remote code execution via deceptive filenames, as described for Tableau Server versions prior to 2025.1.3, 2024.2.12, and 2023.3.19...
CVE-2025-52453
CVE-2025-52453 is a Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows and Linux, specifically in the Flow Data Source modules, that enables Resource Location Spoofing. Affected Tableau Server versions are before 2025.1.3, before 2024.2.12, and before 2023.3....
CVE-2025-52454
Summary (CVE-2025-52454) : A Server-Side Request Forgery (SSRF) vulnerability exists in Salesforce Tableau Server on Windows and Linux via the Amazon S3 Connector modules, enabling Resource Location Spoofing. Affected versions are Tableau Server before 2025.1.3, before 2024.2.12, and before 2023....
CVE-2025-26497
CVE-2025-26497 affects Salesforce Tableau Server (Flow Editor modules) and enables an Unrestricted Upload of a Dangerous File Type leading to Absolute Path Traversal. Affected are Tableau Server versions prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.19. Root cause: arbitrary file upl...
CVE-2025-52451
CVE-2025-52451 describes an improper input validation in Tableau Server's tabdoc api, specifically the create-data-source-from-file-upload module, enabling Absolute Path Traversal on Tableau Server installations. Affected versions are Tableau Server before 2025.1.3, before 2024.2.12, and before 2...
CVE-2025-52455
Summary (CVE-2025-52455) : This SSRF (Resource Location Spoofing) vulnerability affects Salesforce Tableau Server on Windows and Linux within the EPS Server modules. Concrete details in connected documents show affected versions: Tableau Server before 2025.1.3, before 2024.2.12, and before 2023.3...
CVE-2025-26498
CVE-2025-26498 affects Tableau Server (Salesforce Tableau Server on Windows/Linux) due to an Unrestricted Upload of File with Dangerous Type via the establish-connection-no-undo modules, enabling absolute path traversal. Affected versions are Tableau Server prior to 2025.1.3, prior to 2024.2.12, ...
CVE-2025-52450
CVE-2025-52450 describes an Absolute Path Traversal in Salesforce Tableau Server on Windows and Linux via the abdoc api - create-data-source-from-file-upload modules. Affected Tableau Server versions are before 2025.1.3, before 2024.2.12, and before 2023.3.19. The vulnerability is triggered by im...