VYPR

Tableau Server

by Salesforce

CVEs (16)

  • CVE-2020-6939CriNov 23, 2020
    risk 0.64cvss 9.8epss 0.02

    Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau…

  • CVE-2025-26496CriAug 22, 2025
    risk 0.60cvss 9.3epss 0.00

    Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12,…

  • CVE-2025-52451HigAug 22, 2025
    risk 0.55cvss 8.5epss 0.00

    Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

  • CVE-2025-52452HigJul 25, 2025
    risk 0.55cvss 8.5epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - duplicate-data-source modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before…

  • CVE-2025-52449HigJul 25, 2025
    risk 0.55cvss 8.5epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12,…

  • CVE-2025-52454HigJul 25, 2025
    risk 0.53cvss 8.2epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

  • CVE-2025-52453HigJul 25, 2025
    risk 0.53cvss 8.2epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

  • CVE-2025-52448HigJul 25, 2025
    risk 0.53cvss 8.1epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (validate-initial-sql api modules) allows Interface Manipulation (data access to the production database cluster). This issue affects Tableau Server: before 2025.1.3,…

  • CVE-2025-52447HigJul 25, 2025
    risk 0.53cvss 8.1epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc command modules) allows Interface Manipulation (data access to the production database cluster). This issue affects Tableau Server: before…

  • CVE-2025-52446HigJul 25, 2025
    risk 0.52cvss 8.0epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulation (data access to the production database cluster).This issue affects Tableau Server: before 2025.1.3, before…

  • CVE-2025-26494HigFeb 11, 2025
    risk 0.50cvss 7.7epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass.This issue affects Tableau Server: from 2023.3 through 2023.3.5.

  • CVE-2025-26495HigFeb 11, 2025
    risk 0.49cvss 7.5epss 0.00

    Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16,…

  • CVE-2025-26498HigAug 22, 2025
    risk 0.47cvss 7.3epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

  • CVE-2025-26497HigAug 22, 2025
    risk 0.47cvss 7.3epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

  • CVE-2025-52450MedAug 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (abdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal.This issue affects Tableau Server: before…

  • CVE-2025-52455MedJul 25, 2025
    risk 0.34cvss 5.3epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS Server modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.