CVE-2020-6938

A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SalesforceCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
tableautableau_server
2018.1 ≤
𝑥
≤ 2020.2
tableautableau_server
10.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://help.salesforce.com/apex/HTViewSolution?urlname=Sensitive-information-disclosure-vulnerability-affecting-Tableau-Server-in-certain-use-cases&language=en_US
https://help.salesforce.com/articleView?id=000354158&type=1&mode=1
https://help.salesforce.com/apex/HTViewSolution?urlname=Sensitive-information-disclosure-vulnerability-affecting-Tableau-Server-in-certain-use-cases&language=en_US
https://help.salesforce.com/articleView?id=000354158&type=1&mode=1