CVE-2022-22128

EUVD-2022-27277
Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
tableautableau_server
2020.4 ≤
𝑥
≤ 2020.4.20
tableautableau_server
2021.1 ≤
𝑥
≤ 2021.1.17
tableautableau_server
2021.2 ≤
𝑥
≤ 2021.2.15
tableautableau_server
2021.3 ≤
𝑥
≤ 2021.3.14
tableautableau_server
2021.4 ≤
𝑥
≤ 2021.4.9
tableautableau_server
2022.1 ≤
𝑥
≤ 2022.1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://help.salesforce.com/s/articleView?id=000367027&type=1
https://kb.tableau.com/articles/Issue/issue-affecting-tableau-server-administration-agent
https://help.salesforce.com/s/articleView?id=000367027&type=1