{"containers": {"cna": {"affected": [{"product": "Tableau Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "versions affected on both Windows and Linux are: 2018.2 through 2018.2.27"}, {"status": "affected", "version": "2018.3 through 2018.3.24"}, {"status": "affected", "version": "2019.1 through 2019.1.22"}, {"status": "affected", "version": "2019.2 through 2019.2.18"}, {"status": "affected", "version": "2019.3 through 2019.3.14"}, {"status": "affected", "version": "2019.4 through 2019.4.13"}, {"status": "affected", "version": "2020.1 through 2020.1.10"}, {"status": "affected", "version": "2020.2 through 2020.2.7"}, {"status": "affected", "version": "2020.3 through 2020.3.2"}]}], "descriptions": [{"lang": "en", "value": "Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2."}], "problemTypes": [{"descriptions": [{"description": "Incorrect Access Control", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-23T16:16:25.000Z", "orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364", "shortName": "Salesforce"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://help.salesforce.com/articleView?id=000355686&type=1&mode=1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@salesforce.com", "ID": "CVE-2020-6939", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Tableau Server", "version": {"version_data": [{"version_value": "versions affected on both Windows and Linux are: 2018.2 through 2018.2.27"}, {"version_value": "2018.3 through 2018.3.24"}, {"version_value": "2019.1 through 2019.1.22"}, {"version_value": "2019.2 through 2019.2.18"}, {"version_value": "2019.3 through 2019.3.14"}, {"version_value": "2019.4 through 2019.4.13"}, {"version_value": "2020.1 through 2020.1.10"}, {"version_value": "2020.2 through 2020.2.7"}, {"version_value": "2020.3 through 2020.3.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Incorrect Access Control"}]}]}, "references": {"reference_data": [{"name": "https://help.salesforce.com/articleView?id=000355686&type=1&mode=1", "refsource": "CONFIRM", "url": "https://help.salesforce.com/articleView?id=000355686&type=1&mode=1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:18:01.581Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://help.salesforce.com/articleView?id=000355686&type=1&mode=1"}]}]}, "cveMetadata": {"assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364", "assignerShortName": "Salesforce", "cveId": "CVE-2020-6939", "datePublished": "2020-11-23T16:16:25.000Z", "dateReserved": "2020-01-13T00:00:00.000Z", "dateUpdated": "2024-08-04T09:18:01.581Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "18E26A40-022A-4887-85CE-E0BFF83F7299", "versionEndIncluding": "2018.2.27", "versionStartIncluding": "2018.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B72068B-B413-4053-B1BC-0CD154D10D8D", "versionEndIncluding": "2018.3.24", "versionStartIncluding": "2018.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "52F0B5EB-D5F4-4423-8754-E9BCC3699305", "versionEndIncluding": "2019.1.22", "versionStartIncluding": "2019.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "56EB08BB-13A4-49C9-8928-DFD0DFA8D4AE", "versionEndIncluding": "2019.2.18", "versionStartIncluding": "2019.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "4401C018-6851-4211-83B1-E5595A746116", "versionEndIncluding": "2019.3.14", "versionStartIncluding": "2019.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFC0F0E8-FEB5-45AB-9D12-5592549E9408", "versionEndIncluding": "2019.4.13", "versionStartIncluding": "2019.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "06E3D4C4-6466-420B-AF73-4C2964D3F0A7", "versionEndIncluding": "2020.1.10", "versionStartIncluding": "2020.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCE3600B-1D06-4A80-919D-32E2DA3ABFC0", "versionEndIncluding": "2020.2.7", "versionStartIncluding": "2020.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "C60C48CC-A038-4AA3-95EE-045AB2F6D047", "versionEndIncluding": "2020.3.2", "versionStartIncluding": "2020.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2."}, {"lang": "es", "value": "Instalaciones de Tableau Server configuradas con Site-Specific SAML que permite a usuarios no autenticados utilizar las API. Si se explota, esto podr\u00eda permitir a un usuario malicioso establecer la configuraci\u00f3n SAML espec\u00edfica del sitio y podr\u00eda conllevar a la toma de control de la cuenta para los usuarios de ese sitio. Tableau Server versiones afectadas tanto en Windows como en Linux son: 2018.2 hasta 2018.2.27, 2018.3 hasta 2018.3.24, 2019.1 hasta 2019.1.22, 2019.2 hasta 2019.2.18, 2019.3 hasta 2019.3.14, 2019.4 hasta 2019.4.13, 2020.1 hasta 2020.1.10, 2020.2 hasta 2020.2.7 y 2020.3 hasta 2020.3.2"}], "id": "CVE-2020-6939", "lastModified": "2024-11-21T05:36:22.330", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-23T17:15:12.720", "references": [{"source": "security@salesforce.com", "tags": ["Third Party Advisory"], "url": "https://help.salesforce.com/articleView?id=000355686&type=1&mode=1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://help.salesforce.com/articleView?id=000355686&type=1&mode=1"}], "sourceIdentifier": "security@salesforce.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}