← Back

CVE-2019-15637

nvd nist
Published: Aug 26, 2019Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 2.8 / Impact: 5.2
Source: NVD

Description

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.

Affected (20)

Tableau
4 products
Tableau Server
Tableau Desktop
Tableau Reader
Tableau Public Desktop
Configuration A
1 platform
Running on/withPlatform Versions
Linux
Linux Kernel
All versions
Configuration B
9 vulnerable
Vulnerable SoftwareAffected Versions
Tableau
Tableau Server
From 10.2 to 10.2.23
Tableau Server
From 10.3 to 10.3.23
Tableau Server
From 10.4 to 10.4.19
Tableau Server
From 10.5 to 10.5.18
Tableau Server
From 2018.1 to 2018.1.15
Tableau Server
From 2018.2 to 2018.12
Tableau Server
From 2018.3 to 2018.3.9
Tableau Server
From 2019.1 to 2019.1.6
Tableau Server
From 2019.2 to 2019.2.2
Configuration D
9 vulnerable
Vulnerable SoftwareAffected Versions
Tableau
Tableau Desktop
From 10.2 to 10.2.23
Tableau Desktop
From 10.3 to 10.3.23
Tableau Desktop
From 10.4 to 10.4.19
Tableau Desktop
From 10.5 to 10.5.18
Tableau Desktop
From 2018.1 to 2018.1.15
Tableau Desktop
From 2018.2 to 2018.2.12
Tableau Desktop
From 2018.3 to 2018.3.9
Tableau Desktop
From 2019.1 to 2019.1.6
Tableau Desktop
From 2019.2 to 2019.2.2
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Tableau Reader
From 10.2 to 10.2.2
Configuration F
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Tableau Public Desktop
From 10.2 to 10.2.2
Running on/withPlatform Versions
Apple
Macos
All versions
Microsoft
Windows
All versions

Related CWEs

CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (6)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.