Tableau Reader 2019

Reader

Tableau Reader Technical Specifications; Quick Links Tableau Reader. Customer Portal. Resources How-To & Troubleshooting. Find answers to technical questions and issues in our Knowledge Base articles. Ask questions, get answers, and connect with other Tableau. Workbooks created in earlier versions of Tableau Desktop can be opened in the current version of Tableau Reader. For example, Tableau Reader 9.x can view workbooks created by Tableau Desktop 6.0-9.x. And workbooks created with a.tde format can be converted to using Hyper (though it cannot be reversed).

Modified

This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Current Description

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.


Analysis Description

Tableau Reader 2019.2

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.

Severity

CVSS 3.x Severity and Metrics:

Cached

NIST:NVD
Vector:MITRE
Reader
Vector:NVD
Vector:HyperlinkResourcehttps://community.tableau.com/community/security-bulletins/blog/2019/08/22/important-adv-2019-030-xxe-vulnerability-in-tableau-productsVendor Advisoryhttps://github.com/minecrater/exploits/blob/master/TableauXXE.pyExploitThird Party Advisoryhttps://packetstormsecurity.com/files/154232/Tableau-XML-Injection.htmlExploitThird Party AdvisoryVDB Entry

Weakness Enumeration

CWE-IDCWE NameSource
CWE-611Improper Restriction of XML External Entity ReferenceNIST

Known Affected Software Configurations Switch to CPE 2.2

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes