PT-2020-19300 · Tableau · Tableau Server

Published: 2020-11-23 · Updated: 2020-12-08 · CVE-2020-6939

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Tableau Server versions 2018.2 through 2018.2.27
Tableau Server versions 2018.3 through 2018.3.24
Tableau Server versions 2019.1 through 2019.1.22
Tableau Server versions 2019.2 through 2019.2.18
Tableau Server versions 2019.3 through 2019.3.14
Tableau Server versions 2019.4 through 2019.4.13
Tableau Server versions 2020.1 through 2020.1.10
Tableau Server versions 2020.2 through 2020.2.7
Tableau Server versions 2020.3 through 2020.3.2

Description

The issue affects Tableau Server installations configured with Site-Specific SAML, allowing APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings, potentially leading to account takeover for users of that site.

Recommendations

For each affected release line, update to a version outside the affected range to mitigate the risk:

Tableau Server versions 2018.2 through 2018.2.27
Tableau Server versions 2018.3 through 2018.3.24
Tableau Server versions 2019.1 through 2019.1.22
Tableau Server versions 2019.2 through 2019.2.18
Tableau Server versions 2019.3 through 2019.3.14
Tableau Server versions 2019.4 through 2019.4.13
Tableau Server versions 2020.1 through 2020.1.10
Tableau Server versions 2020.2 through 2020.2.7
Tableau Server versions 2020.3 through 2020.3.2

As a temporary workaround, consider restricting access to Site-Specific SAML settings until a patch is available.

Fix

Related Identifiers

CVE-2020-6939

Affected Products

Tableau Server