Salesforce Security Advisories

Trust | Security

Trust | Security

2021 Security Advisories

Date (DD/MM/YYYY)

Type

Subject

Description

Vulnerability

ADV-2021-008

Information Disclosure

Vulnerability

ADV-2021-007

Database Password Logged in Debug Log

Vulnerability

ADV-2021-006

Not All Secrets Encrypted In Configuration

Vulnerability

ADV-2021-005

Tableau Server Logs Postgres Repository Password

Vulnerability

ADV-2021-004

Memory Corruption

Vulnerability

ADV-2021-003

Authentication Bypass in IPv6 Networks

Vulnerability

ADV-2021-002

Information Disclosure

Vulnerability

ADV-2021-001

Reflected Error Message Content Injection

2020 Security Advisories

Date (DD/MM/YYYY)

Type

Subject

Description

Vulnerability

ADV-2020-061

Tableau Server Non-Default Installation Weak Folder Permissions

Vulnerability

ADV-2020-060

Tableau Server Default Installation Weak Folder Permissions

Vulnerability

ADV-2020-059

Tableau Fixes a Vulnerability in QtWebEngine

Vulnerability

SolarWinds Software Compromise

Federal government and Fortune 500 companies compromised by supply chain attack

Vulnerability

CVE-2020-6939

Unauthenticated API Endpoints

Vulnerability

ADV-2020-058

Privilege Escalation in Tableau Products

Vulnerability

ADV-2020-057

File Path Disclosure of Temporary Files

Vulnerability

ADV-2020-056

Unauthenticated API Endpoints

Vulnerability

ADV-2020-055

Database Credentials In Log Files

Vulnerability

ADV-2020-054

Tableau Desktop stores plaintext secrets in configuration file

Vulnerability

ADV-2020-053

Non-ASCII characters parsing error

Vulnerability

ADV-2020-052

Tableau Server Allows External Web Pages In Web Zones

Vulnerability

ADV-2020-051

Tableau Products Integer Overflow

Vulnerability

ADV-2020-050

REST API Returns a Site Configuration Value to Unauthenticated Users

Vulnerability

ADV-2020-049

Plaintext Data Source Secrets In Repository

Vulnerability

ADV-2020-048

Tableau Server Sensitive Values In Log File Location

Vulnerability

ADV-2020-047

Some Permission Changes Don't Take Effect Until Server Restart

Vulnerability

ADV-2020-046

Tableau Server Sensitive Values In Logs

Vulnerability

ADV-2020-045

Tableau Server Logs Contain Webhook URLs

Vulnerability

ADV-2020-044

External Service Connection Fails To Validate Host Name

Vulnerability

CVE-2020-6938

Sensitive information disclosure vulnerability in Tableau Server

Vulnerability

CVE-2020-6937

Denial of Service vulnerability in Mule runtime

Security Enhancements

COVID-19 Business Continuity Statement

Salesforce has not experienced any significant business impacts

2019 Security Advisories

Date (DD/MM/YYYY)

Type

Subject

Description

Vulnerability

CVE-2019-15631

Remote Code Execution in Mule runtime and API Gateway

Vulnerability

CVE-2019-15630

Directory Traversal in MuleSoft Runtime

Security Enhancements

Manage Security Contacts for Your Organization

If your organization is impacted by an information security incident, your organization’s Security Contact(s) will be notified.

Security Enhancements

Enhancements to Security of Community and Portal Users

Potential impact to default sharing settings

2018 Security Advisories

Date (DD/MM/YYYY)

Type

Subject

Description

Email Scam

Phishing Campaign

Salesforce-themed phishing campaign

Vulnerability

Salesforce Security Vulnerability

Security vulnerability impact on Salesforce Sites and Communities

Vulnerability

Twitter Account Activity API

Vulnerability of Twitter Account Activity API

2017 Security Advisories

Date (DD/MM/YYYY)

Type

Subject

Description

Vulnerability/Ransomware

MS17-010 Vulnerability (AKA EternalBlue)

Malware leveraging MS17-010 (AKA EternalBlue) Vulnerability

Malware

TrickBot / The Trick

Malware may target Salesforce Users.

Ransomware

WannaCry Ransomware

Ransomware targeting Windows "Eternal Blue" vulnerability.

Email Scam

Google Docs Phishing Campaign

Google Docs invitation containing a phishing link.

Service Provider Vulnerability

Cloudflare Vulnerability

Cloudflare, an embedded content delivery network and internet security services provider, disclosed a security vulnerability in their edge servers, which could expose information such as HTTP cookies, authentication tokens, and HTTP POST bodies.

Report a Security Concern

As a leading software-as-a-service and platform-as-a-service provider, Salesforce is committed to setting the standard in safeguarding our environment and customers’ data. Partner with us by reporting any security concerns.

Report a Concern