CVE-2022-22128
CVSS V2 None
CVSS V3 Critical 9.8
Description
Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.
Overview
- CVE ID
- CVE-2022-22128
- Assigner
- security@salesforce.com
- Vulnerability Status
- Analyzed
- Published Version
- 2022-10-17T16:15:20
- Last Modified Date
- 2022-10-19T14:21:52
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* | 1 | OR | 2020.4 | 2020.4.20 |
| cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* | 1 | OR | 2021.1 | 2021.1.17 |
| cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* | 1 | OR | 2021.2 | 2021.2.15 |
| cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* | 1 | OR | 2021.3 | 2021.3.14 |
| cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* | 1 | OR | 2021.4 | 2021.4.9 |
| cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:* | 1 | OR | 2022.1 | 2022.1.4 |
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 9.8
- Base Severity
- CRITICAL
- Exploitability Score
- 3.9
- Impact Score
- 5.9
References
| Reference URL | Reference Tags |
|---|---|
| https://help.salesforce.com/s/articleView?id=000367027&type=1 | Broken Link |
| https://kb.tableau.com/articles/Issue/issue-affecting-tableau-server-administration-agent | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-22128 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22128 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-10-17 17:00:17 | Added to TrackCVE | |||
| 2022-12-07 08:14:11 | 2022-10-17T16:15Z | 2022-10-17T16:15:20 | CVE Published Date | updated |
| 2022-12-07 08:14:11 | 2022-10-19T14:21:52 | CVE Modified Date | updated | |
| 2022-12-07 08:14:11 | Analyzed | Vulnerability Status | updated | |
| 2022-12-07 08:14:26 | References | updated |