PT-2019-14310 · Tableau · Tableau Desktop+3
Published: 2019-08-26 · Updated: 2022-04-18
CVE-2019-15637
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Tableau Server (affected versions not specified)
Tableau Desktop (affected versions not specified)
Tableau Reader (affected versions not specified)
Tableau Public Desktop (affected versions not specified)
Description
The issue allows for XXE (XML External Entity) attacks via malicious workbooks, extensions, or data sources. This can result in information disclosure or a denial of service (DoS).
Recommendations
For Tableau Server, update to a version that includes a fix for this issue.
For Tableau Desktop, update to a version that includes a fix for this issue.
For Tableau Reader, update to a version that includes a fix for this issue.
For Tableau Public Desktop, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting the use of external workbooks, extensions, or data sources until a patch is available.
Exploit
Fix
XXE
Weakness Enumeration
Related Identifiers
Affected Products
Tableau Desktop
Tableau Public Desktop
Tableau Reader
Tableau Server