Subscribe to RSSDate (YYYY-MM-DD)
Type
Subject
Description
Products
2022-06-22
Vulnerability
Tableau security update
Tableau Server logging Personal Access Tokens into internal log repositories
Tableau
2022-05-23
Vulnerability
CVE-2022-22127
Broken access control vulnerability in Tableau Server
Tableau
2022-04-15
Security Notification
Heroku security notification
GitHub repositories connected to Heroku issue
Heroku
2022-03-30
Vulnerability
Spring4Shell Security Update
Spring4Shell vulnerability published in March 2022
Tableau, Slack, Service Cloud, Salesforce Einstein, Salesforce Core, Sales Cloud, Quip, Pardot, MuleSoft, Marketing Cloud, Hyperforce, Heroku, Experience Cloud, Commerce Cloud, ClickSoftware
2021-12-10
Vulnerability
Apache Log4j2 vulnerability
Apache Log4j2 vulnerability published on December 10, 2021
Tableau, Service Cloud, Slack, Salesforce Einstein, Salesforce Core, Sales Cloud, Quip, Pardot, MuleSoft, Marketing Cloud, Hyperforce, Heroku, Experience Cloud, ClickSoftware, Commerce Cloud
2021-10-27
Security Update
Nobelium Attacks Targeting Cloud Services, Supply Chains
Response to October 24, 2021, Microsoft blog post
N/A
2021-10-21
Vulnerability
ADV-2021-017
Sensitive Information Exposure
Tableau
2021-10-04
Security Update
Configuration of Salesforce Developer Experience Command Line Interface
Response to October 4, 2021, CERT Coordination Center note (VU#883754)
N/A
2021-09-22
Vulnerability
ADV-2021-016
Information Disclosure
Tableau
2021-08-16
Security Notification
Oracle NetSuite and SAP SuccessFactors connectors issue
Oracle NetSuite and SAP SuccessFactors connectors used in Tableau Gallery may be storing sensitive data in a subset of Tableau On-Premise customers’ logging infrastructure
N/A
2021-08-11
Security Update
Configuration of Salesforce Sites and Communities Guest User Access Control Permissions
Response to August 10, 2021, Varonis blog post
N/A
2021-07-28
Vulnerability
CVE-2021-1630
XML external entity (XXE) vulnerability in Mule runtime
MuleSoft
2021-07-07
Ransomware
Kaseya Ransomware Attack
Kaseya VSA ransomware attack on July 2, 2021
N/A
2021-06-22
Vulnerability
ADV-2021-015
Improper Data Cache Access Control When Using Initial SQL
Tableau
2021-04-22
Vulnerability
ADV-2021-013
Sensitive Information Logged
Tableau
2021-04-15
Vulnerability
Codecov Bash Uploader Compromise
Bash Uploader users’ secrets compromised by threat actor
N/A
2021-03-25
Vulnerability
ADV-2021-009
Information Disclosure
Tableau
2021-03-24
Vulnerability
Microsoft Exchange Server vulnerabilities
Microsoft Exchange Server vulnerabilities published on March 2, 2021
N/A
2021-03-23
Vulnerability
ADV-2021-010
Tableau Server Open Redirect
Tableau
2021-03-23
Vulnerability
ADV-2021-011
Denial of Service Vulnerability in Tableau Server
Tableau
2021-03-23
Vulnerability
ADV-2021-012
HTML Injection in Emails
Tableau
2021-03-22
Vulnerability
CVE-2021-1627
Server Side Request Forgery in Mule runtime
MuleSoft
2021-03-22
Vulnerability
CVE-2021-1626
Remote Code Execution vulnerability in Mule runtime
MuleSoft
2021-03-22
Vulnerability
CVE-2021-1628
XML External Entity (XXE) vulnerability in Mule runtime
MuleSoft
2021-02-25
Vulnerability
ADV-2021-005
Tableau Server Logs Postgres Repository Password
Tableau
2021-02-25
Vulnerability
ADV-2021-007
Database Password Logged in Debug Log
Tableau
2021-02-25
Vulnerability
ADV-2021-008
Information Disclosure
Tableau
2021-02-25
Vulnerability
ADV-2021-006
Not All Secrets Encrypted In Configuration
Tableau
2021-01-21
Vulnerability
ADV-2021-001
Reflected Error Message Content Injection
Tableau
2021-01-21
Vulnerability
ADV-2021-002
Information Disclosure
Tableau
2021-01-21
Vulnerability
ADV-2021-003
Authentication Bypass in IPv6 Networks
Tableau
2021-01-21
Vulnerability
ADV-2021-004
Memory Corruption
Tableau
2020-12-16
Vulnerability
ADV-2020-060
Tableau Server Default Installation Weak Folder Permissions
Tableau
2020-12-16
Vulnerability
ADV-2020-059
Tableau Fixes a Vulnerability in QtWebEngine
Tableau
2020-12-16
Vulnerability
ADV-2020-061
Tableau Server Non-Default Installation Weak Folder Permissions
Tableau
2020-12-15
Vulnerability
SolarWinds Software Compromise
Federal government and Fortune 500 companies compromised by supply chain attack
N/A
2020-11-19
Vulnerability
CVE-2020-6939
Unauthenticated API Endpoints
Tableau
2020-11-19
Vulnerability
ADV-2020-056
Unauthenticated API Endpoints
Tableau
2020-11-19
Vulnerability
ADV-2020-057
File Path Disclosure of Temporary Files
Tableau
2020-11-19
Vulnerability
ADV-2020-058
Privilege Escalation in Tableau Products
Tableau
2020-10-29
Vulnerability
ADV-2020-052
Tableau Server Allows External Web Pages In Web Zones
Tableau
2020-10-29
Vulnerability
ADV-2020-053
Non-ASCII characters parsing error
Tableau
2020-10-29
Vulnerability
ADV-2020-054
Tableau Desktop stores plaintext secrets in configuration file
Tableau
2020-10-29
Vulnerability
ADV-2020-055
Database Credentials In Log Files
Tableau
2020-09-30
Vulnerability
ADV-2020-051
Tableau Products Integer Overflow
Tableau
2020-08-27
Vulnerability
ADV-2020-047
Some Permission Changes Don't Take Effect Until Server Restart
Tableau
2020-08-27
Vulnerability
ADV-2020-045
Tableau Server Logs Contain Webhook URLs
Tableau
2020-08-27
Vulnerability
ADV-2020-044
External Service Connection Fails To Validate Host Name
Tableau
2020-08-27
Vulnerability
ADV-2020-046
Tableau Server Sensitive Values In Logs
Tableau
2020-08-27
Vulnerability
ADV-2020-049
Plaintext Data Source Secrets In Repository
Tableau
2020-08-27
Vulnerability
ADV-2020-048
Tableau Server Sensitive Values In Log File Location
Tableau
2020-08-27
Vulnerability
ADV-2020-050
REST API Returns a Site Configuration Value to Unauthenticated Users
Tableau
2020-07-07
Vulnerability
CVE-2020-6938
Sensitive information disclosure vulnerability in Tableau Server
Tableau
2020-05-26
Vulnerability
CVE-2020-6937
Denial of Service vulnerability in Mule runtime
MuleSoft
2020-03-17
Security Enhancements
COVID-19 Business Continuity Statement
Salesforce has not experienced any significant business impacts
N/A
2019-11-29
Vulnerability
CVE-2019-15631
Remote Code Execution in Mule runtime and API Gateway
MuleSoft
2019-08-30
Vulnerability
CVE-2019-15630
Directory Traversal in MuleSoft Runtime
MuleSoft
2019-07-01
Security Enhancements
Manage Security Contacts for Your Organization
If your organization is impacted by an information security incident, your organization’s Security Contact(s) will be notified.
N/A
2019-05-13
Security Enhancements
Enhancements to Security of Community and Portal Users
Potential impact to default sharing settings
N/A
2018-11-28
Email Scam
Phishing Campaign
Salesforce-themed phishing campaign
N/A
2018-10-05
Vulnerability
Salesforce Security Vulnerability
Security vulnerability impact on Salesforce Sites and Communities
N/A
2018-09-21
Vulnerability
Twitter Account Activity API
Vulnerability of Twitter Account Activity API
N/A
2017-06-27
Vulnerability/Ransomware
MS17-010 Vulnerability (AKA EternalBlue)
Malware leveraging MS17-010 (AKA EternalBlue) Vulnerability
N/A
2017-06-21
Malware
TrickBot / The Trick
Malware may target Salesforce Users.
N/A
2017-05-15
Ransomware
WannaCry Ransomware
Ransomware targeting Windows "Eternal Blue" vulnerability.
N/A
2017-05-03
Email Scam
Google Docs Phishing Campaign
Google Docs invitation containing a phishing link.
N/A
2017-02-27
Service Provider Vulnerability
Cloudflare Vulnerability
Cloudflare, an embedded content delivery network and internet security services provider, disclosed a security vulnerability in their edge servers, which could expose information such as HTTP cookies, authentication tokens, and HTTP POST bodies.
N/A
Report a Security Concern
As a leading software-as-a-service and platform-as-a-service provider, Salesforce is committed to setting the standard in safeguarding our environment and customers’ data. Partner with us by reporting any security concerns.