Salesforce Tableau Server
14 CVEs affecting Salesforce Tableau Server. Latest disclosed: 2025-08-22. Critical: 0, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-52451 | High | 8.5 | 2025-08-22 | Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allows Absolu… |
CVE-2025-52452 | High | 8.5 | 2025-07-25 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - dupli… |
CVE-2025-52449 | High | 8.5 | 2025-07-25 | Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alter… |
CVE-2025-52454 | High | 8.2 | 2025-07-25 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing… |
CVE-2025-52453 | High | 8.2 | 2025-07-25 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing. T… |
CVE-2025-52448 | High | 8.1 | 2025-07-25 | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (validate-initial-sql api modules) allows Interfa… |
CVE-2025-52447 | High | 8.1 | 2025-07-25 | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc command modules) allows I… |
CVE-2025-52446 | High | 8.0 | 2025-07-25 | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulati… |
CVE-2025-26494 | High | 7.7 | 2025-02-11 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass.This issue affects Tableau Server: from 2023.3 throu… |
CVE-2025-26495 | High | 7.5 | 2025-02-11 | Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This… |
CVE-2025-26498 | High | 7.3 | 2025-08-22 | Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo modules) allows Abso… |
CVE-2025-26497 | High | 7.3 | 2025-08-22 | Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute Path Travers… |
CVE-2025-52450 | Medium | 6.5 | 2025-08-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (abdoc api - create… |
CVE-2025-52455 | Medium | 5.3 | 2025-07-25 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS Server modules) allows Resource Location Spoofing. This is… |