CVE-2022-22128
Published 2022-10-17
Priority: P2 · 59
Severity: critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 1.34% (67.8th percentile)
Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution. Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tableau | tableau_server | — | — |
| tableau | tableau_server | 2020.4 – 2020.4.20 | — |
| tableau | tableau_server | 2021.1 – 2021.1.17 | — |
| tableau | tableau_server | 2021.2 – 2021.2.15 | — |
| tableau | tableau_server | 2021.3 – 2021.3.14 | — |
| tableau | tableau_server | 2021.4 – 2021.4.9 | — |
| tableau | tableau_server | 2022.1 – 2022.1.4 | — |
Detection & IOCs
- CVE-2022-22128 is a path traversal vulnerability in Tableau Server Administration Agent's internal file transfer service. Detection should focus on anomalous file path traversal sequences (e.g., '../') in requests to the Administration Agent's file transfer service endpoint.
- The vulnerability is exploitable remotely with no authentication required (PR:N) and no user interaction (UI:N), making it detectable via network-level monitoring for unauthenticated inbound connections to the Tableau Server Administration Agent file transfer service.
- Affected Tableau Server versions are explicitly scoped: only versions supported within 24 months of release are assessed; older end-of-life versions are not tested and may also be vulnerable but will not receive patches.
- For Siemens Opcenter Intelligence, all versions prior to V2501 are affected by this vulnerability (as bundled Tableau Server component). Upgrade to V2501 or later is required.
- No known public exploitation specifically targeting CVE-2022-22128 has been reported to CISA at the time of advisory publication.
CISA ICS
Siemens Opcenter Intelligence
cisa_ics·2025-02-13
ICS Advisory
## Siemens Opcenter Intelligence
Release Date: February 13, 2025
Alert Code: ICSA-25-044-14
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.4
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Opcenter Intelligence
- Vulnerabilities: Improper Authentication, Improper Limitation of a Pathname to a Restricted Directory (
GHSA
GHSA-mchj-fc27-3mfm: Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remo
ghsa_unreviewed·2023-07-06
CVE-2022-22128 [CRITICAL] CWE-22 GHSA-mchj-fc27-3mfm: Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remo
Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution. Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.