CVE-2017-5178

Name of the Vulnerable Software and Affected Versions Tableau Server versions 7.0 through 10.1.3 Tableau Desktop versions 7.0 through 10.1.3 Wonderware Intelligence versions prior to 2014R3

Description The issue is related to the use of a pre-installed account in the affected software. This could allow a remote attacker to gain unauthorized access to the system. The default system account is difficult to configure with non-default credentials after installation, and changing the default credentials in the embedded Tableau Server is not documented. The software is vulnerable when used with local authentication mode, but not when used with Windows integrated security (Active Directory).

Recommendations For Tableau Server versions 7.0 through 10.1.3, consider changing the default credentials of the system account as soon as possible. For Tableau Desktop versions 7.0 through 10.1.3, consider changing the default credentials of the system account as soon as possible. For Wonderware Intelligence versions prior to 2014R3, consider updating to a version that does not contain the vulnerable default system account or changing the default credentials of the system account as soon as possible. As a temporary workaround, consider disabling local authentication mode and using Windows integrated security (Active Directory) instead, if possible.