Salesforce Tableau Server vulnerabilities
14 known vulnerabilities affecting salesforce/tableau_server.
Total CVEs
14
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH12MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-52452P3HIGHCVSS 8.5fixed in 2025.1.3fixed in 2024.2.12+1 more2025-07-25
CVE-2025-52452 [HIGH] CWE-22 CVE-2025-52452: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sale
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - duplicate-data-source modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
nvd
CVE-2025-52448P3HIGHCVSS 8.1fixed in 2025.1.3fixed in 2024.2.12+1 more2025-07-25
CVE-2025-52448 [HIGH] CWE-639 CVE-2025-52448: Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windo
Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (validate-initial-sql api modules) allows Interface Manipulation (data access to the production database cluster). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
nvd
CVE-2025-52447P3HIGHCVSS 8.1fixed in 2025.1.3fixed in 2024.2.12+1 more2025-07-25
CVE-2025-52447 [HIGH] CWE-639 CVE-2025-52447: Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windo
Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc command modules) allows Interface Manipulation (data access to the production database cluster). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
nvd
CVE-2025-52454P3HIGHCVSS 8.2fixed in 2025.1.3fixed in 2024.2.12+1 more2025-07-25
CVE-2025-52454 [HIGH] CWE-918 CVE-2025-52454: Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Ama
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
nvd
CVE-2025-52453P3HIGHCVSS 8.2fixed in 2025.1.3fixed in 2024.2.12+1 more2025-07-25
CVE-2025-52453 [HIGH] CWE-918 CVE-2025-52453: Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flo
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
nvd
CVE-2025-26497P3HIGHCVSS 7.3fixed in 2025.1.3fixed in 2024.2.12+1 more2025-08-22
CVE-2025-26497 [HIGH] CWE-434 CVE-2025-26497: Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Window
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
nvd
CVE-2025-26498P3HIGHCVSS 7.3fixed in 2025.1.3fixed in 2024.2.12+1 more2025-08-22
CVE-2025-26498 [HIGH] CWE-434 CVE-2025-26498: Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Window
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
nvd
CVE-2025-26494P3HIGHCVSS 7.7≥ 2023.3, ≤ 2023.3.52025-02-11
CVE-2025-26494 [HIGH] CWE-918 CVE-2025-26494: Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass.This issue affects Tableau Server: from 2023.3 through 2023.3.5.
nvd
CVE-2025-52449P3HIGHCVSS 8.5fixed in 2025.1.3fixed in 2024.2.12+1 more2025-07-25
CVE-2025-52449 [HIGH] CWE-434 CVE-2025-52449: Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Window
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
nvd
CVE-2025-52451P3HIGHCVSS 8.5fixed in 2025.1.3fixed in 2024.2.12+1 more2025-08-22
CVE-2025-52451 [HIGH] CWE-20 CVE-2025-52451: Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api -
Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
nvd
CVE-2025-52446P3HIGHCVSS 8.0fixed in 2025.1.3fixed in 2024.2.12+1 more2025-07-25
CVE-2025-52446 [HIGH] CWE-639 CVE-2025-52446: Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windo
Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulation (data access to the production database cluster).This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
nvd
CVE-2025-52450P3MEDIUMCVSS 6.5fixed in 2025.1.3fixed in 2024.2.12+1 more2025-08-22
CVE-2025-52450 [MEDIUM] CWE-22 CVE-2025-52450: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sale
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (abdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
nvd
CVE-2025-26495P3HIGHCVSS 7.5fixed in 2022.1.3fixed in 2021.4.8+4 more2025-02-11
CVE-2025-26495 [HIGH] CWE-312 CVE-2025-26495: Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the
Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19.
nvd
CVE-2025-52455P4MEDIUMCVSS 5.3fixed in 2025.1.3fixed in 2024.2.12+1 more2025-07-25
CVE-2025-52455 [MEDIUM] CWE-918 CVE-2025-52455: Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS Server modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
nvd