PT-2019-14310 · Tableau · Tableau Desktop+3
Publicado
2019-08-26
·
Atualizado
2022-04-18
·
CVE-2019-15637
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Tableau Server (affected versions not specified)
Tableau Desktop (affected versions not specified)
Tableau Reader (affected versions not specified)
Tableau Public Desktop (affected versions not specified)
Description
The issue allows for XXE (XML External Entity) attacks via malicious workbooks, extensions, or data sources. This can result in information disclosure or a denial of service (DoS).
Recommendations
For Tableau Server, update to a version that includes a fix for this issue.
For Tableau Desktop, update to a version that includes a fix for this issue.
For Tableau Reader, update to a version that includes a fix for this issue.
For Tableau Public Desktop, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting the use of external workbooks, extensions, or data sources until a patch is available.
Exploit
Correção
XXE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Tableau Desktop
Tableau Public Desktop
Tableau Reader
Tableau Server