2-minute read
Tableau recently released a list of security patches covering a variety of vulnerabilities in Tableau Desktop. The list featured mainly high-severity concerns, with only one of the six items listed as less severe.
High severity
Trigger: Any authenticated user publishes a workbook to Tableau Server
Possible Result: Arbitrary code execution or crashing of software
Trigger: NTLM web authentication
Possible Result: Improper read/write allows remote code execution or crashing of software
Partial information disclosure in thumbnails
Trigger: Published workbook connects to published data source that includes user functions
Possible Result: Users without proper permissions may be exposed to classified information
pgsqlODBC driver contains a heap-based buffer overflow
Trigger: psqlODBC driver shipped with Tableau Server has a buffer overflow and must be updated
Possible Result: Arbitrary code execution or crashing of software
Tableau Desktop on Mac memory corruption
Trigger: A Mac user connects to malicious Web Data Connector (WDC)
Possible Result: Arbitrary code execution or crashing of software
Medium severity
Web data connectors ignore secondary safe list for incremental refresh
Trigger: Performing an incremental refresh does not properly evaluate WDC URL safe list
Possible Result: Malicious WDC code can make requests to unapproved URL’s
To read about installing Tableau Desktop, check out their installation guide. If you’d like to upgrade software you already have, head over to the Tableau Desktop upgrade page.
Like what you see?
Author
-
Your additional text goes here
