Vulnerabilities > CVE-2019-15637 - XXE vulnerability in Tableau products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
HIGH Summary
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
id | EDB-ID:47308 |
last seen | 2019-08-27 |
modified | 2019-08-27 |
published | 2019-08-27 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/47308 |
title | Tableau - XML External Entity |
Packetstorm
data source | https://packetstormsecurity.com/files/download/154232/tableau-xxe.txt |
id | PACKETSTORM:154232 |
last seen | 2019-08-27 |
published | 2019-08-27 |
reporter | Jarad Kopf |
source | https://packetstormsecurity.com/files/154232/Tableau-XML-Injection.html |
title | Tableau XML Injection |
References
- https://community.tableau.com/community/security-bulletins/blog/2019/08/22/important-adv-2019-030-xxe-vulnerability-in-tableau-products
- https://community.tableau.com/community/security-bulletins/blog/2019/08/22/important-adv-2019-030-xxe-vulnerability-in-tableau-products
- https://github.com/minecrater/exploits/blob/master/TableauXXE.py
- https://github.com/minecrater/exploits/blob/master/TableauXXE.py
- https://packetstormsecurity.com/files/154232/Tableau-XML-Injection.html
- https://packetstormsecurity.com/files/154232/Tableau-XML-Injection.html