PT-2022-15263 · Tableau · Tableau Server

Published: 2022-05-25 · Updated: 2023-08-08 · CVE-2022-22127

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Tableau Server versions 2020.4.16 through 2021.4.4 and earlier

Description: A broken access control issue is present in Tableau Server, affecting customers who use Local Identity Store for user management. This issue allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, potentially leading to unauthorized access to data.

Recommendations: For Tableau Server versions 2020.4.16 through 2021.4.4 and earlier, update to a future release of Tableau Server, as all future releases will address this security issue. As a temporary workaround, consider restricting the privileges of site administrators to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2022-22127

Affected Products

Tableau Server