Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22128

Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.

Published

2022-10-17T16:15:20.643

Last Modified

2025-05-13T21:15:59.260

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-22
Type: Secondary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tableau	tableau_server	≤ 2020.4.20	Yes
Application	tableau	tableau_server	≤ 2021.1.17	Yes
Application	tableau	tableau_server	≤ 2021.2.15	Yes
Application	tableau	tableau_server	≤ 2021.3.14	Yes
Application	tableau	tableau_server	≤ 2021.4.9	Yes
Application	tableau	tableau_server	≤ 2022.1.4	Yes

References

https://help.salesforce.com/s/articleView?id=000367027&type=1 Broken Link ([email protected])
https://kb.tableau.com/articles/Issue/issue-affecting-tableau-server-administration-agent Vendor Advisory ([email protected])
https://help.salesforce.com/s/articleView?id=000367027&type=1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)