Tableau Tableau_server

22 CVEs affecting Tableau Tableau_server. Latest disclosed: 2025-08-22. Critical: 3, High: 15.

Top CVEs affecting Tableau Tableau_server
CVESeverityScorePublishedSummary
CVE-2022-22128Critical9.82022-10-17Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code e…
CVE-2020-6939Critical9.82020-11-23Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a mali…
CVE-2025-26496Critical9.32025-08-22Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload module…
CVE-2025-52451High8.52025-08-22Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allows Absolu…
CVE-2025-52452High8.52025-07-25Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - dupli…
CVE-2025-52449High8.52025-07-25Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alter…
CVE-2025-52454High8.22025-07-25Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing…
CVE-2025-52453High8.22025-07-25Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing. T…
CVE-2025-52448High8.12025-07-25Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (validate-initial-sql api modules) allows Interfa…
CVE-2025-52447High8.12025-07-25Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc command modules) allows I…
CVE-2019-15637High8.12019-08-26Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects T…
CVE-2025-52446High8.02025-07-25Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulati…
CVE-2025-26494High7.72025-02-11Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass.This issue affects Tableau Server: from 2023.3 throu…
CVE-2025-26495High7.52025-02-11Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This…
CVE-2020-6938High7.52020-07-08A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive…
CVE-2025-26498High7.32025-08-22Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo modules) allows Abso…
CVE-2025-26497High7.32025-08-22Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute Path Travers…
CVE-2022-22127High7.22022-05-25Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing…
CVE-2025-52450Medium6.52025-08-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (abdoc api - create…
CVE-2021-1629Medium6.12021-03-26Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users.