QID 375583

Date Published: 2021-07-15

QID 375583: Tableau Server And Desktop Multiple Vulnerabilities (ADV-2020-059,ADV-2020-060,ADV-2020-061)

Tableau Server is a Business Intelligence application that allows its users to organize, edit, share, and collaborate on Tableau dashboards.

Tableau products fail to parse certain non-ASCII characters and allows publishers to embed external web pages in web zones.

Affected Versions:
Tableau Server on Linux 2018.2 through 2018.2.28
Tableau Server on Linux 2018.3 through 2018.3.25
Tableau Server on Linux 2019.1 through 2019.1.23
Tableau Server on Linux 2019.2 through 2019.2.19
Tableau Server on Linux 2019.3 through 2019.3.15
Tableau Server on Linux 2019.4 through 2019.4.14
Tableau Server on Linux 2020.1 through 2020.1.11
Tableau Server on Linux 2020.2 through 2020.2.8
Tableau Server on Linux 2020.3 through 2020.3.3
Tableau Server on Windows 2018.2 through 2018.2.28
Tableau Server on Windows 2018.3 through 2018.3.25
Tableau Server on Windows 2019.1 through 2019.1.23
Tableau Server on Windows 2019.2 through 2019.2.19
Tableau Server on Windows 2019.3 through 2019.3.15
Tableau Server on Windows 2019.4 through 2019.4.14
Tableau Server on Windows 2020.1 through 2020.1.11
Tableau Server on Windows 2020.2 through 2020.2.8
Tableau Server on Windows 2020.3 through 2020.3.3
Tableau Desktop on Mac 2018.2 through 2018.2.28
Tableau Desktop on Mac 2018.3 through 2018.3.25
Tableau Desktop on Mac 2019.1 through 2019.1.23
Tableau Desktop on Mac 2019.2 through 2019.2.19
Tableau Desktop on Mac 2019.3 through 2019.3.15
Tableau Desktop on Mac 2019.4 through 2019.4.14
Tableau Desktop on Mac 2020.1 through 2020.1.11
Tableau Desktop on Mac 2020.2 through 2020.2.8
Tableau Desktop on Mac 2020.3 through 2020.3.3
Tableau Desktop on Windows 2018.2 through 2018.2.28
Tableau Desktop on Windows 2018.3 through 2018.3.25
Tableau Desktop on Windows 2019.1 through 2019.1.23
Tableau Desktop on Windows 2019.2 through 2019.2.19
Tableau Desktop on Windows 2019.3 through 2019.3.15
Tableau Desktop on Windows 2019.4 through 2019.4.14
Tableau Desktop on Windows 2020.1 through 2020.1.11
Tableau Desktop on Windows 2020.2 through 2020.2.8
Tableau Desktop on Windows 2020.3 through 2020.3.3
QID Detection Logic (Authenticated)
This QID checks for the file version of tabsvc.exe for Tableau Server

An attacker may use the files in this folder for privilege escalation and Attacker might cause buffer over-read.

  • CVSS V3 rated as Medium - 5.3 severity.
  • CVSS V2 rated as Medium - 5 severity.
    • Solution

    Customers are advised to refer to ADV-2020-059 ADV-2020-060 ADV-2020-061for information pertaining to remediating this vulnerability.

    Vendor References

    CVEs related to QID 375583

    CVE-2020-17507 |
    Software Advisories
    Advisory ID Software Component Link
    ADV-2020-059 URL Logo community.tableau.com/s/news/a0A4T000002gF5dUAE/important-adv2020059-tableau-fixes-a-vulnerbaility-in-qtwebengine
    ADV-2020-060 URL Logo community.tableau.com/s/news/a0A4T000002gF5iUAE/important-adv2020060-tableau-server-default-installation-weak-permissions
    ADV-2020-061 URL Logo community.tableau.com/s/news/a0A4T000002gF5sUAE/important-adv2020061tableau-server-nondefault-installation-weak-permission
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].