Lucene search

[email protected]CVE-2022-22128

HistoryOct 17, 2022 - 4:15 p.m.

CVE-2022-22128

2022-10-1716:15:20

CWE-22

[email protected]

web.nvd.nist.gov

cve-2022-22128

tableau

server

path traversal

vulnerability

remote code execution

security

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.3%

JSON

Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.

Affected configurations

NVD

Node

tableautableau_serverRange2020.4–2020.4.20

tableautableau_serverRange2021.1–2021.1.17

tableautableau_serverRange2021.2–2021.2.15

tableautableau_serverRange2021.3–2021.3.14

tableautableau_serverRange2021.4–2021.4.9

tableautableau_serverRange2022.1–2022.1.4

CPENameOperatorVersion
tableau:tableau_servertableau tableau serverle2020.4.20
tableau:tableau_servertableau tableau serverle2021.1.17
tableau:tableau_servertableau tableau serverle2021.2.15
tableau:tableau_servertableau tableau serverle2021.3.14
tableau:tableau_servertableau tableau serverle2021.4.9
tableau:tableau_servertableau tableau serverle2022.1.4

CPE	Name	Operator	Version
tableau:tableau_server	tableau tableau server	le	2020.4.20
tableau:tableau_server	tableau tableau server	le	2021.1.17
tableau:tableau_server	tableau tableau server	le	2021.2.15
tableau:tableau_server	tableau tableau server	le	2021.3.14
tableau:tableau_server	tableau tableau server	le	2021.4.9
tableau:tableau_server	tableau tableau server	le	2022.1.4

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Tableau Server",
    "versions": [
      {
        "version": "2022.1 - 2022.1.42021.4 - 2021.4.92021.3 - 2021.3.142021.2 - 2021.2.152021.1 - 2021.1.172020.4 - 2020.4.20",
        "status": "affected"
      }
    ]
  }
]

References

help.salesforce.com/s/articleView?id=000367027&type=1

kb.tableau.com/articles/Issue/issue-affecting-tableau-server-administration-agent

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.3%

JSON

Related for CVE-2022-22128

nvd1 cvelist1 prion1