Lucene search
K

13 matches found

CVE
CVE
added 2025/08/22 8:10 p.m.66 views

CVE-2025-26496

CVE-2025-26496 concerns a Type Confusion vulnerability in Salesforce Tableau Server and Tableau Desktop (Windows, Linux) within their File Upload modules, enabling Local Code Inclusion. Affected versions include Tableau Server/Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19. The issu...

9.3CVSS9.8AI score0.00208EPSS
CVE
CVE
added 2025/07/25 7:0 p.m.62 views

CVE-2025-52452

CVE-2025-52452 is a path traversal vulnerability in Salesforce Tableau Server , affecting Tableau Server on Windows and Linux via the tabdoc API and duplicate-data-source modules. The issue allows absolute path traversal and impacts Tableau Server versions prior to 2025.1.3, prior to 2024.2.12, a...

8.5CVSS7AI score0.00416EPSS
CVE
CVE
added 2025/07/25 6:53 p.m.35 views

CVE-2025-52448

CVE-2025-52448 : An authorization bypass in Salesforce Tableau Server on Windows and Linux stems from a vulnerability in the validate-initial-sql API modules that allows interface manipulation and data access to the production database cluster via a user-controlled key. Affected Tableau Server ve...

8.1CVSS6.5AI score0.00335EPSS
CVE
CVE
added 2025/07/25 6:43 p.m.34 views

CVE-2025-52446

CVE-2025-52446 is a verified vulnerability in Salesforce Tableau Server (Windows and Linux) where an authorization bypass occurs via a user-controlled key in the tab-doc API modules, enabling interface manipulation and potential access to the production database cluster. Affected versions are Tab...

8CVSS6.6AI score0.00229EPSS
CVE
CVE
added 2025/07/25 6:50 p.m.33 views

CVE-2025-52447

Summary of CVE-2025-52447: Affected product is Tableau Server (Salesforce) on Windows and Linux. The vulnerability arises from an authorization bypass through the user-controlled set-initial-sql tabdoc command modules, enabling interface manipulation and potential data access to the production da...

8.1CVSS6.7AI score0.00342EPSS
CVE
CVE
added 2025/07/25 6:56 p.m.29 views

CVE-2025-52449

CVE-2025-52449 affects Salesforce Tableau Server’s Extensible Protocol Service modules. An unchecked or unrestricted upload of files with dangerous types can lead to remote code execution via deceptive filenames, as described for Tableau Server versions prior to 2025.1.3, 2024.2.12, and 2023.3.19...

8.5CVSS7.2AI score0.00246EPSS
CVE
CVE
added 2025/08/22 8:13 p.m.25 views

CVE-2025-26497

CVE-2025-26497 affects Salesforce Tableau Server (Flow Editor modules) and enables an Unrestricted Upload of a Dangerous File Type leading to Absolute Path Traversal. Affected are Tableau Server versions prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.19. Root cause: arbitrary file upl...

7.3CVSS6.7AI score0.00254EPSS
CVE
CVE
added 2025/07/25 7:8 p.m.25 views

CVE-2025-52454

Summary (CVE-2025-52454) : A Server-Side Request Forgery (SSRF) vulnerability exists in Salesforce Tableau Server on Windows and Linux via the Amazon S3 Connector modules, enabling Resource Location Spoofing. Affected versions are Tableau Server before 2025.1.3, before 2024.2.12, and before 2023....

8.2CVSS6.7AI score0.00288EPSS
CVE
CVE
added 2025/07/25 7:5 p.m.24 views

CVE-2025-52453

CVE-2025-52453 is a Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows and Linux, specifically in the Flow Data Source modules, that enables Resource Location Spoofing. Affected Tableau Server versions are before 2025.1.3, before 2024.2.12, and before 2023.3....

8.2CVSS6.7AI score0.00288EPSS
CVE
CVE
added 2025/08/22 8:20 p.m.22 views

CVE-2025-52451

CVE-2025-52451 describes an improper input validation in Tableau Server's tabdoc api, specifically the create-data-source-from-file-upload module, enabling Absolute Path Traversal on Tableau Server installations. Affected versions are Tableau Server before 2025.1.3, before 2024.2.12, and before 2...

8.5CVSS6.7AI score0.00194EPSS
CVE
CVE
added 2025/07/25 7:11 p.m.22 views

CVE-2025-52455

Summary (CVE-2025-52455) : This SSRF (Resource Location Spoofing) vulnerability affects Salesforce Tableau Server on Windows and Linux within the EPS Server modules. Concrete details in connected documents show affected versions: Tableau Server before 2025.1.3, before 2024.2.12, and before 2023.3...

5.3CVSS6.7AI score0.00319EPSS
CVE
CVE
added 2025/08/22 8:18 p.m.20 views

CVE-2025-52450

CVE-2025-52450 describes an Absolute Path Traversal in Salesforce Tableau Server on Windows and Linux via the abdoc api - create-data-source-from-file-upload modules. Affected Tableau Server versions are before 2025.1.3, before 2024.2.12, and before 2023.3.19. The vulnerability is triggered by im...

6.5CVSS6.5AI score0.00379EPSS
CVE
CVE
added 2025/08/22 8:16 p.m.18 views

CVE-2025-26498

CVE-2025-26498 affects Tableau Server (Salesforce Tableau Server on Windows/Linux) due to an Unrestricted Upload of File with Dangerous Type via the establish-connection-no-undo modules, enabling absolute path traversal. Affected versions are Tableau Server prior to 2025.1.3, prior to 2024.2.12, ...

7.3CVSS6.7AI score0.00254EPSS