CVE-2022-22128
published 2022-10-17


Priority P259 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.34% (67.8th percentile)

Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution. Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.

Affected

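7 ranges

| Vendor  | Product        | Version range      | Fixed in |
|---------|----------------|--------------------|----------|
| tableau | tableau_server |                    |          |
| tableau | tableau_server | 2020.4 – 2020.4.20 |          |
| tableau | tableau_server | 2021.1 – 2021.1.17 |          |
| tableau | tableau_server | 2021.2 – 2021.2.15 |          |
| tableau | tableau_server | 2021.3 – 2021.3.14 |          |
| tableau | tableau_server | 2021.4 – 2021.4.9  |          |
| tableau | tableau_server | 2022.1 – 2022.1.4  |          |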

Detection & IOCs (extracted from sources)

  • CVE-2022-22128 is a path traversal vulnerability in Tableau Server Administration Agent's internal file transfer service. Detection should focus on anomalous file path traversal sequences (e.g., '../') in requests to the Administration Agent's file transfer service endpoint.
  • The vulnerability is exploitable remotely with no authentication required (PR:N) and no user interaction (UI:N), making it detectable via network-level monitoring for unauthenticated inbound connections to the Tableau Server Administration Agent file transfer service.
  • Affected Tableau Server versions are explicitly scoped: only versions supported within 24 months of release are assessed; older end-of-life versions are not tested and may also be vulnerable but will not receive patches.
  • For Siemens Opcenter Intelligence, all versions prior to V2501 are affected by this vulnerability (as a bundled Tableau Server component). Upgrading to V2501 or later is required.
  • No known public exploitation specifically targeting CVE-2022-22128 has been reported to CISA at the time of advisory publication.