Lucene search

MitreCVE-2019-15637

HistoryAug 26, 2019 - 5:15 p.m.

CVE-2019-15637

2019-08-2617:15:12

CWE-611

mitre

web.nvd.nist.gov

tableau

xxe

information disclosure

dos

security vulnerability

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.077

Percentile

94.3%

JSON

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.

Affected configurations

Nvd

Node

linuxlinux_kernelMatch-

AND

tableautableau_serverRange10.5–10.5.18

tableautableau_serverRange2018.1–2018.1.15

tableautableau_serverRange2018.2–2018.12

tableautableau_serverRange2018.3–2018.3.9

tableautableau_serverRange2019.1–2019.1.6

tableautableau_serverRange2019.2–2019.2.2

Node

microsoftwindowsMatch-

AND

tableautableau_serverRange10.2–10.2.23

tableautableau_serverRange10.3–10.3.23

tableautableau_serverRange10.4–10.4.19

tableautableau_serverRange10.5–10.5.18

tableautableau_serverRange2018.1–2018.1.15

tableautableau_serverRange2018.2–2018.12

tableautableau_serverRange2018.3–2018.3.9

tableautableau_serverRange2019.1–2019.1.6

tableautableau_serverRange2019.2–2019.2.2

Node

applemacosMatch-

AND

tableautableau_desktopRange10.2–10.2.23

tableautableau_desktopRange10.3–10.3.23

tableautableau_desktopRange10.4–10.4.19

tableautableau_desktopRange10.5–10.5.18

tableautableau_desktopRange2018.1–2018.1.15

tableautableau_desktopRange2018.2–2018.2.12

tableautableau_desktopRange2018.3–2018.3.9

tableautableau_desktopRange2019.1–2019.1.6

tableautableau_desktopRange2019.2–2019.2.2

Node

microsoftwindowsMatch-

AND

tableautableau_desktopRange10.2–10.2.23

tableautableau_desktopRange10.3–10.3.23

tableautableau_desktopRange10.4–10.4.19

tableautableau_desktopRange10.5–10.5.18

tableautableau_desktopRange2018.1–2018.1.15

tableautableau_desktopRange2018.2–2018.2.12

tableautableau_desktopRange2018.3–2018.3.9

tableautableau_desktopRange2019.1–2019.1.6

tableautableau_desktopRange2019.2–2019.2.2

Node

applemacosMatch-

microsoftwindowsMatch-

AND

tableautableau_readerRange10.2–10.2.2

Node

applemacosMatch-

microsoftwindowsMatch-

AND

tableautableau_public_desktopRange10.2–10.2.2

VendorProductVersionCPE
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
tableautableau_server*cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
tableautableau_desktop*cpe:2.3:a:tableau:tableau_desktop:*:*:*:*:*:*:*:*
tableautableau_reader*cpe:2.3:a:tableau:tableau_reader:*:*:*:*:*:*:*:*
tableautableau_public_desktop*cpe:2.3:a:tableau:tableau_public_desktop:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
tableau	tableau_server	*	cpe:2.3:a:tableau:tableau_server::::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
tableau	tableau_desktop	*	cpe:2.3:a:tableau:tableau_desktop::::::::
tableau	tableau_reader	*	cpe:2.3:a:tableau:tableau_reader::::::::
tableau	tableau_public_desktop	*	cpe:2.3:a:tableau:tableau_public_desktop::::::::