13 matches found
CVE-2025-26496
CVE-2025-26496 concerns a Type Confusion vulnerability in Salesforce Tableau Server and Tableau Desktop (Windows, Linux) within their File Upload modules, enabling Local Code Inclusion. Affected versions include Tableau Server/Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19. The issu...
CVE-2025-52452
CVE-2025-52452 is a path traversal vulnerability in Salesforce Tableau Server , affecting Tableau Server on Windows and Linux via the tabdoc API and duplicate-data-source modules. The issue allows absolute path traversal and impacts Tableau Server versions prior to 2025.1.3, prior to 2024.2.12, a...
CVE-2025-52448
CVE-2025-52448 : An authorization bypass in Salesforce Tableau Server on Windows and Linux stems from a vulnerability in the validate-initial-sql API modules that allows interface manipulation and data access to the production database cluster via a user-controlled key. Affected Tableau Server ve...
CVE-2025-52446
CVE-2025-52446 is a verified vulnerability in Salesforce Tableau Server (Windows and Linux) where an authorization bypass occurs via a user-controlled key in the tab-doc API modules, enabling interface manipulation and potential access to the production database cluster. Affected versions are Tab...
CVE-2025-52447
Summary of CVE-2025-52447: Affected product is Tableau Server (Salesforce) on Windows and Linux. The vulnerability arises from an authorization bypass through the user-controlled set-initial-sql tabdoc command modules, enabling interface manipulation and potential data access to the production da...
CVE-2025-52449
CVE-2025-52449 affects Salesforce Tableau Server’s Extensible Protocol Service modules. An unchecked or unrestricted upload of files with dangerous types can lead to remote code execution via deceptive filenames, as described for Tableau Server versions prior to 2025.1.3, 2024.2.12, and 2023.3.19...
CVE-2025-26497
CVE-2025-26497 affects Salesforce Tableau Server (Flow Editor modules) and enables an Unrestricted Upload of a Dangerous File Type leading to Absolute Path Traversal. Affected are Tableau Server versions prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.19. Root cause: arbitrary file upl...
CVE-2025-52454
Summary (CVE-2025-52454) : A Server-Side Request Forgery (SSRF) vulnerability exists in Salesforce Tableau Server on Windows and Linux via the Amazon S3 Connector modules, enabling Resource Location Spoofing. Affected versions are Tableau Server before 2025.1.3, before 2024.2.12, and before 2023....
CVE-2025-52453
CVE-2025-52453 is a Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows and Linux, specifically in the Flow Data Source modules, that enables Resource Location Spoofing. Affected Tableau Server versions are before 2025.1.3, before 2024.2.12, and before 2023.3....
CVE-2025-52451
CVE-2025-52451 describes an improper input validation in Tableau Server's tabdoc api, specifically the create-data-source-from-file-upload module, enabling Absolute Path Traversal on Tableau Server installations. Affected versions are Tableau Server before 2025.1.3, before 2024.2.12, and before 2...
CVE-2025-52455
Summary (CVE-2025-52455) : This SSRF (Resource Location Spoofing) vulnerability affects Salesforce Tableau Server on Windows and Linux within the EPS Server modules. Concrete details in connected documents show affected versions: Tableau Server before 2025.1.3, before 2024.2.12, and before 2023.3...
CVE-2025-52450
CVE-2025-52450 describes an Absolute Path Traversal in Salesforce Tableau Server on Windows and Linux via the abdoc api - create-data-source-from-file-upload modules. Affected Tableau Server versions are before 2025.1.3, before 2024.2.12, and before 2023.3.19. The vulnerability is triggered by im...
CVE-2025-26498
CVE-2025-26498 affects Tableau Server (Salesforce Tableau Server on Windows/Linux) due to an Unrestricted Upload of File with Dangerous Type via the establish-connection-no-undo modules, enabling absolute path traversal. Affected versions are Tableau Server prior to 2025.1.3, prior to 2024.2.12, ...