Primary

Context

Salesforce Tableau Server Server-Side Request Forgery Vulnerability Allowing Authentication Bypass

Vulnerability

Patched

A server-side request forgery (SSRF) vulnerability has been identified in Salesforce Tableau Server, specifically in versions 2023.3 through 2023.3.5. This vulnerability allows authentication bypass, enabling a malicious actor with access to the Tableau Server instance to authenticate and potentially access unauthenticated data on the server's network.

Impact

Exploitation of this vulnerability could lead to unauthorized access to data on the Tableau Server network that does not require authentication.

Remediation

Tableau has released versions 2023.1.4, 2022.3.8, 2022.1.16, 2021.4.20, and 2021.3.25 to address this vulnerability. These versions are available for download on the Tableau Server Maintenance Release page.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Salesforce Tableau Server Server-Side Request Forgery Vulnerability Allowing Authentication Bypass

Vulnerability

Impact

Remediation

Affected Products

Salesforce Tableau Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating