2021 Security Advisories

| Date (DD/MM/YYYY) | Type | Subject | Description |
| --- | --- | --- | --- |
| | Vulnerability | ADV-2021-017 | Sensitive Information Exposure |
| | Security Update | Configuration of Salesforce Developer Experience Command Line Interface | Response to October 4, 2021, CERT Coordination Center note (VU#883754) |
| | Vulnerability | ADV-2021-016 | Information Disclosure |
| | Security Notification | Oracle NetSuite and SAP SuccessFactors connectors issue | Oracle NetSuite and SAP SuccessFactors connectors used in Tableau Gallery may be storing sensitive data in a subset of Tableau On-Premise customers’ logging infrastructure |
| | Security Update | Configuration of Salesforce Sites and Communities Guest User Access Control Permissions | Response to August 10, 2021, Varonis blog post |
| | Vulnerability | CVE-2021-1630 | XML external entity (XXE) vulnerability in Mule runtime |
| | Ransomware | Kaseya Ransomware Attack | Kaseya VSA ransomware attack on July 2, 2021 |
| | Vulnerability | ADV-2021-015 | Improper Data Cache Access Control When Using Initial SQL |
| | Vulnerability | ADV-2021-013 | Sensitive Information Logged |
| | Vulnerability | Codecov Bash Uploader Compromise | Bash Uploader users’ secrets compromised by threat actor |
| | Vulnerability | ADV-2021-009 | Information Disclosure |
| | Vulnerability | Microsoft Exchange Server vulnerabilities | Microsoft Exchange Server vulnerabilities published on March 2, 2021 |
| | Vulnerability | ADV-2021-012 | HTML Injection in Emails |
| | Vulnerability | ADV-2021-011 | Denial of Service Vulnerability in Tableau Server |
| | Vulnerability | ADV-2021-010 | Tableau Server Open Redirect |
| | Vulnerability | CVE-2021-1628 | XML External Entity (XXE) vulnerability in Mule runtime |
| | Vulnerability | CVE-2021-1627 | Server Side Request Forgery in Mule runtime |
| | Vulnerability | CVE-2021-1626 | Remote Code Execution vulnerability in Mule runtime |
| | Vulnerability | ADV-2021-008 | Information Disclosure |
| | Vulnerability | ADV-2021-007 | Database Password Logged in Debug Log |
| | Vulnerability | ADV-2021-006 | Not All Secrets Encrypted In Configuration |
| | Vulnerability | ADV-2021-005 | Tableau Server Logs Postgres Repository Password |
| | Vulnerability | ADV-2021-004 | Memory Corruption |
| | Vulnerability | ADV-2021-003 | Authentication Bypass in IPv6 Networks |
| | Vulnerability | ADV-2021-002 | Information Disclosure |
| | Vulnerability | ADV-2021-001 | Reflected Error Message Content Injection |

2020 Security Advisories

| Date (DD/MM/YYYY) | Type | Subject | Description |
| --- | --- | --- | --- |
| | Vulnerability | ADV-2020-061 | Tableau Server Non-Default Installation Weak Folder Permissions |
| | Vulnerability | ADV-2020-060 | Tableau Server Default Installation Weak Folder Permissions |
| | Vulnerability | ADV-2020-059 | Tableau Fixes a Vulnerability in QtWebEngine |
| | Vulnerability | SolarWinds Software Compromise | Federal government and Fortune 500 companies compromised by supply chain attack |
| | Vulnerability | CVE-2020-6939 | Unauthenticated API Endpoints |
| | Vulnerability | ADV-2020-058 | Privilege Escalation in Tableau Products |
| | Vulnerability | ADV-2020-057 | File Path Disclosure of Temporary Files |
| | Vulnerability | ADV-2020-056 | Unauthenticated API Endpoints |
| | Vulnerability | ADV-2020-055 | Database Credentials In Log Files |
| | Vulnerability | ADV-2020-054 | Tableau Desktop stores plaintext secrets in configuration file |
| | Vulnerability | ADV-2020-053 | Non-ASCII characters parsing error |
| | Vulnerability | ADV-2020-052 | Tableau Server Allows External Web Pages In Web Zones |
| | Vulnerability | ADV-2020-051 | Tableau Products Integer Overflow |
| | Vulnerability | ADV-2020-050 | REST API Returns a Site Configuration Value to Unauthenticated Users |
| | Vulnerability | ADV-2020-049 | Plaintext Data Source Secrets In Repository |
| | Vulnerability | ADV-2020-048 | Tableau Server Sensitive Values In Log File Location |
| | Vulnerability | ADV-2020-047 | Some Permission Changes Don't Take Effect Until Server Restart |
| | Vulnerability | ADV-2020-046 | Tableau Server Sensitive Values In Logs |
| | Vulnerability | ADV-2020-045 | Tableau Server Logs Contain Webhook URLs |
| | Vulnerability | ADV-2020-044 | External Service Connection Fails To Validate Host Name |
| | Vulnerability | CVE-2020-6938 | Sensitive information disclosure vulnerability in Tableau Server |
| | Vulnerability | CVE-2020-6937 | Denial of Service vulnerability in Mule runtime |
| | Security Enhancements | COVID-19 Business Continuity Statement | Salesforce has not experienced any significant business impacts |

2019 Security Advisories

| Date (DD/MM/YYYY) | Type | Subject | Description |
| --- | --- | --- | --- |
| | Vulnerability | CVE-2019-15631 | Remote Code Execution in Mule runtime and API Gateway |
| | Vulnerability | CVE-2019-15630 | Directory Traversal in MuleSoft Runtime |
| | Security Enhancements | Manage Security Contacts for Your Organization | If your organization is impacted by an information security incident, your organization’s Security Contact(s) will be notified. |
| | Security Enhancements | Enhancements to Security of Community and Portal Users | Potential impact to default sharing settings |

2018 Security Advisories

| Date (DD/MM/YYYY) | Type | Subject | Description |
| --- | --- | --- | --- |
| | Email Scam | Phishing Campaign | Salesforce-themed phishing campaign |
| | Vulnerability | Salesforce Security Vulnerability | Security vulnerability impact on Salesforce Sites and Communities |
| | Vulnerability | Twitter Account Activity API | Vulnerability of Twitter Account Activity API |

2017 Security Advisories

| Date (DD/MM/YYYY) | Type | Subject | Description |
| --- | --- | --- | --- |
| | Vulnerability/Ransomware | MS17-010 Vulnerability (AKA EternalBlue) | Malware leveraging MS17-010 (AKA EternalBlue) Vulnerability |
| | Malware | TrickBot / The Trick | Malware may target Salesforce Users. |
| | Ransomware | WannaCry Ransomware | Ransomware targeting Windows "Eternal Blue" vulnerability. |
| | Email Scam | Google Docs Phishing Campaign | Google Docs invitation containing a phishing link. |
| | Service Provider Vulnerability | Cloudflare Vulnerability | Cloudflare, an embedded content delivery network and internet security services provider, disclosed a security vulnerability in their edge servers, which could expose information such as HTTP cookies, authentication tokens, and HTTP POST bodies. |

Report a Security Concern

As a leading software-as-a-service and platform-as-a-service provider, Salesforce is committed to setting the standard in safeguarding our environment and customers’ data. Partner with us by reporting any security concerns.
