CVE Vulnerability

CVE-2022-22127

Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data.Tableau Server versions affected are:2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlierNote: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable.

6.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

7.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://help.salesforce.com/s/articleView?id=000365493&type=1 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*
cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*
cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*
cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*
cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*
Information

Published : 2022-05-25 02:15

Updated : 2022-06-07 08:12

NVD link : CVE-2022-22127

Mitre link : CVE-2022-22127

Products Affected

Tableau

Tableau Server

CWE
NVD-CWE-noinfo