Product
tableau server
24 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-52451
CVE-2025-52450
CVE-2025-26498
CVE-2025-26497
CVE-2025-26496
CVE-2025-52455
CVE-2025-52454
CVE-2025-52453
CVE-2025-52452
CVE-2025-52449
CVE-2025-52448
CVE-2025-52447
CVE-2025-52446
CVE-2025-26495
CVE-2025-26494
CVE-2022-22128
CVE-2022-22127
CVE-2021-1629
CVE-2020-6939
CVE-2020-6938
CVE-2019-19719
CVE-2019-15637
CVE-2017-5178
CVE-2014-1204
< 2023.3.19
Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-
< 2023.3.19
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windo
< 2023.3.19
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection
< 2023.3.19
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules)
< 2023.3.19
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windo
< 2023.3.19
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS Server modules) allows Resour
< 2023.3.19
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allo
< 2023.3.19
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows
< 2023.3.19
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windo
< 2023.3.19
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol
< 2023.3.19
Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (validate-initial-sq
< 2023.3.19
Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tab
< 2023.3.19
Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules
>= 2020.4 and < 2020.4.19
Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) i
>= 2023.3 and <= 2023.3.5
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass.This issue affects Tabl
>= 2020.4 and <= 2020.4.20
Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service
>= 2020.4 and <= 2020.4.16
Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local
>= 2019.4 and < 2019.4.18
Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users.
>= 2018.2 and <= 2018.2.27
Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If explo
>= 2018.1 and <= 2020.2
A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, cou
>= 10.3 and <= 2019.4
Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page.
>= 10.5 and <= 10.5.18
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclo
all versions
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 20
all versions
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execu