CVE-2019-15637

Published Aug 26, 2019
Last updated 3 years ago
CVSS high 8.1
Overview

Description: Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Severity: HIGH
CVSS 3.0

Type: Secondary
Base score: 7.1
Impact score: 4.2
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 5.5
Impact score: 4.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:P
Weaknesses

nvd@nist.gov: CWE-611
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E95A215-C68A-4E39-AF1B-6D7427E56973",
            "versionEndIncluding": "10.5.18",
            "versionStartIncluding": "10.5"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E385CA2A-E91A-4BC7-8506-BEF6062B150C",
            "versionEndIncluding": "2018.1.15",
            "versionStartIncluding": "2018.1"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE1A7008-8A45-401D-834B-0BB2C1EA0C33",
            "versionEndIncluding": "2018.12",
            "versionStartIncluding": "2018.2"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "947A754A-05EF-40F0-8AA8-30F1A14BC4D9",
            "versionEndIncluding": "2018.3.9",
            "versionStartIncluding": "2018.3"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4929F7F1-F93C-4B8C-82E1-5BFE1151E9B9",
            "versionEndIncluding": "2019.1.6",
            "versionStartIncluding": "2019.1"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE7C9914-27BB-4A77-925C-F33C7F5442A7",
            "versionEndIncluding": "2019.2.2",
            "versionStartIncluding": "2019.2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9251CC38-30D8-430E-8686-65E5087DA8A3",
            "versionEndIncluding": "10.2.23",
            "versionStartIncluding": "10.2"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "024F8EBE-56EB-4823-9C9D-0235F6B8364D",
            "versionEndIncluding": "10.3.23",
            "versionStartIncluding": "10.3"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E8BF98F-59E5-4AEF-9C66-5D0232A77E04",
            "versionEndIncluding": "10.4.19",
            "versionStartIncluding": "10.4"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E95A215-C68A-4E39-AF1B-6D7427E56973",
            "versionEndIncluding": "10.5.18",
            "versionStartIncluding": "10.5"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E385CA2A-E91A-4BC7-8506-BEF6062B150C",
            "versionEndIncluding": "2018.1.15",
            "versionStartIncluding": "2018.1"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE1A7008-8A45-401D-834B-0BB2C1EA0C33",
            "versionEndIncluding": "2018.12",
            "versionStartIncluding": "2018.2"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "947A754A-05EF-40F0-8AA8-30F1A14BC4D9",
            "versionEndIncluding": "2018.3.9",
            "versionStartIncluding": "2018.3"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4929F7F1-F93C-4B8C-82E1-5BFE1151E9B9",
            "versionEndIncluding": "2019.1.6",
            "versionStartIncluding": "2019.1"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE7C9914-27BB-4A77-925C-F33C7F5442A7",
            "versionEndIncluding": "2019.2.2",
            "versionStartIncluding": "2019.2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B8F1A52-AA3D-4D12-A518-0721FAD63102",
            "versionEndIncluding": "10.2.23",
            "versionStartIncluding": "10.2"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E057777C-880F-4E22-B4FB-CB2341E83610",
            "versionEndIncluding": "10.3.23",
            "versionStartIncluding": "10.3"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "541F2AF1-AB8A-412D-94B6-CE481DCCA332",
            "versionEndIncluding": "10.4.19",
            "versionStartIncluding": "10.4"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF1B0077-F84B-4900-9215-F68DED52CE07",
            "versionEndIncluding": "10.5.18",
            "versionStartIncluding": "10.5"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBDFBAF8-CE09-4415-A03D-455AA5883F02",
            "versionEndIncluding": "2018.1.15",
            "versionStartIncluding": "2018.1"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20A4CDDF-58A1-49E7-94E7-F59F84894C61",
            "versionEndIncluding": "2018.2.12",
            "versionStartIncluding": "2018.2"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAEF5EF7-F5DA-4A60-A7E3-313F7D1C5DA2",
            "versionEndIncluding": "2018.3.9",
            "versionStartIncluding": "2018.3"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46C3C48B-2CBA-455E-9B8F-036395813507",
            "versionEndIncluding": "2019.1.6",
            "versionStartIncluding": "2019.1"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FEA910B-FA61-414E-82DC-6FACC4693649",
            "versionEndIncluding": "2019.2.2",
            "versionStartIncluding": "2019.2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B8F1A52-AA3D-4D12-A518-0721FAD63102",
            "versionEndIncluding": "10.2.23",
            "versionStartIncluding": "10.2"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E057777C-880F-4E22-B4FB-CB2341E83610",
            "versionEndIncluding": "10.3.23",
            "versionStartIncluding": "10.3"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "541F2AF1-AB8A-412D-94B6-CE481DCCA332",
            "versionEndIncluding": "10.4.19",
            "versionStartIncluding": "10.4"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF1B0077-F84B-4900-9215-F68DED52CE07",
            "versionEndIncluding": "10.5.18",
            "versionStartIncluding": "10.5"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBDFBAF8-CE09-4415-A03D-455AA5883F02",
            "versionEndIncluding": "2018.1.15",
            "versionStartIncluding": "2018.1"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20A4CDDF-58A1-49E7-94E7-F59F84894C61",
            "versionEndIncluding": "2018.2.12",
            "versionStartIncluding": "2018.2"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAEF5EF7-F5DA-4A60-A7E3-313F7D1C5DA2",
            "versionEndIncluding": "2018.3.9",
            "versionStartIncluding": "2018.3"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46C3C48B-2CBA-455E-9B8F-036395813507",
            "versionEndIncluding": "2019.1.6",
            "versionStartIncluding": "2019.1"
          },
          {
            "criteria": "cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FEA910B-FA61-414E-82DC-6FACC4693649",
            "versionEndIncluding": "2019.2.2",
            "versionStartIncluding": "2019.2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tableau:tableau_reader:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95670BED-5773-45AB-AAB8-6338874A690A",
            "versionEndIncluding": "10.2.2",
            "versionStartIncluding": "10.2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tableau:tableau_public_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2C45810-5A87-4FE4-8857-E14F8ACE659E",
            "versionEndIncluding": "10.2.2",
            "versionStartIncluding": "10.2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
