Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users.
This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop. Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS.
#Tableau desktop 2021.2 windows
Versions that are no longer supported are not tested and may be vulnerable.ħ Macos, Linux Kernel, Windows and 4 more The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data.Tableau Server versions affected are:2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlierNote: All future releases of Tableau Server will address this security issue. Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users.
0 kommentar(er)
