Vulnerabilities > CVE-2019-15637 - XXE vulnerability in Tableau products

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
tableau
CWE-611
exploit available
NVD
Published: 2019-08-26
Updated: 2022-04-18

Summary

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.

Vulnerable Configurations

Part Description Count
Application
Tableau
307
OS
Linux
1
OS
Microsoft
1
OS
Apple
1

Common Weakness Enumeration (CWE)

Exploit-Db

idEDB-ID:47308
last seen2019-08-27
modified2019-08-27
published2019-08-27
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/47308
titleTableau - XML External Entity

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/154232/tableau-xxe.txt
idPACKETSTORM:154232
last seen2019-08-27
published2019-08-27
reporterJarad Kopf
sourcehttps://packetstormsecurity.com/files/154232/Tableau-XML-Injection.html
titleTableau XML Injection

References