CVE-2025-26495

Published: Feb 11, 2025Modified: Oct 29, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19.

Affected (6)

Products: Tableau: Tableau Server

Tableau

1 product

Tableau Server

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Tableau Tableau Server	From 2020.4 to 2020.4.19
Tableau Tableau Server	From 2021.1 to 2021.1.16
Tableau Tableau Server	From 2021.2 to 2021.2.14
Tableau Tableau Server	From 2021.3 to 2021.3.13
Tableau Tableau Server	From 2021.4 to 2021.4.8
Tableau Tableau Server	From 2022.1 to 2022.1.3

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (1)

https://help.salesforce.com/s/articleView?id=000390611&type=1

Source: security@salesforce.com

Broken Link

Timeline

No history available yet.