CVE-2025-26495
published 2025-02-11CVE-2025-26495: Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This…
PriorityP340high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.31%
22.8th percentile
Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| salesforce | tableau_server | < 2022.1.3 | 2022.1.3 |
| salesforce | tableau_server | < 2021.4.8 | 2021.4.8 |
| salesforce | tableau_server | < 2021.3.13 | 2021.3.13 |
| salesforce | tableau_server | < 2021.2.14 | 2021.2.14 |
| salesforce | tableau_server | < 2021.1.16 | 2021.1.16 |
| salesforce | tableau_server | < 2020.4.19 | 2020.4.19 |
| tableau | tableau_server | >= 2020.4 < 2020.4.19 | 2020.4.19 |
| tableau | tableau_server | >= 2021.1 < 2021.1.16 | 2021.1.16 |
| tableau | tableau_server | >= 2021.2 < 2021.2.14 | 2021.2.14 |
| tableau | tableau_server | >= 2021.3 < 2021.3.13 | 2021.3.13 |
| tableau | tableau_server | >= 2021.4 < 2021.4.8 | 2021.4.8 |
| tableau | tableau_server | >= 2022.1 < 2022.1.3 | 2022.1.3 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-02-11
Published