- Description
- Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data. Tableau Server versions affected are: 2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlier. Note: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable.
- Source
- security@salesforce.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35A3A2DC-A45A-4FF1-B149-507280EB80B3",
"versionEndIncluding": "2020.4.16",
"versionStartIncluding": "2020.4"
},
{
"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD2F9200-3394-4AF5-ADBF-5248B81841C4",
"versionEndIncluding": "2021.1.13",
"versionStartIncluding": "2021.1"
},
{
"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68BB7CDF-7CA9-4CA2-9B53-C28D5B7F3AAC",
"versionEndIncluding": "2021.2.10",
"versionStartIncluding": "2021.2"
},
{
"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A50A27D-6721-4456-A1F6-9CDCF92D1EA6",
"versionEndIncluding": "2021.3.9",
"versionStartIncluding": "2021.3"
},
{
"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADE492FF-CC59-4BC2-A29B-B2457DCF9F1F",
"versionEndIncluding": "2021.4.4",
"versionStartIncluding": "2021.4"
}
],
"operator": "OR"
}
]
}
]