Salesforce Security Advisories

2021 Security Advisories

Date (DD/MM/YYYY)

Type

Subject

Description

21 Oct 2021

Vulnerability

ADV-2021-017

Sensitive Information Exposure

4 Oct 2021

Security Update

Configuration of Salesforce Developer Experience Command Line Interface

Response to October 4, 2021, CERT Coordination Center note (VU#883754)

22 Sept 2021

Vulnerability

ADV-2021-016

Information Disclosure

16 Sept 2021

Security Notification

Oracle NetSuite and SAP SuccessFactors connectors issue

Oracle NetSuite and SAP SuccessFactors connectors used in Tableau Gallery may be storing sensitive data in a subset of Tableau On-Premise customers’ logging infrastructure

11 Aug 2021

Security Update

Configuration of Salesforce Sites and Communities Guest User Access Control Permissions

Response to August 10, 2021, Varonis blog post

28 Jul 2021

Vulnerability

CVE-2021-1630

XML external entity (XXE) vulnerability in Mule runtime

7 Jul 2021

Ransomware

Kaseya Ransomware Attack

Kaseya VSA ransomware attack on July 2, 2021

22 Jun 2021

Vulnerability

ADV-2021-015

Improper Data Cache Access Control When Using Initial SQL

22 Apr 2021

Vulnerability

ADV-2021-013

Sensitive Information Logged

15 Apr 2021

Vulnerability

Codecov Bash Uploader Compromise

Bash Uploader users’ secrets compromised by threat actor

25 Mar 2021

Vulnerability

ADV-2021-009

Information Disclosure

24 Mar 2021

Vulnerability

Microsoft Exchange Server vulnerabilities

Microsoft Exchange Server vulnerabilities published on March 2, 2021

23 Mar 2021

Vulnerability

ADV-2021-012

HTML Injection in Emails

23 Mar 2021

Vulnerability

ADV-2021-011

Denial of Service Vulnerability in Tableau Server

23 Mar 2021

Vulnerability

ADV-2021-010

Tableau Server Open Redirect

22 Mar 2021

Vulnerability

CVE-2021-1628

XML External Entity (XXE) vulnerability in Mule runtime

22 Mar 2021

Vulnerability

CVE-2021-1627

Server Side Request Forgery in Mule runtime

22 Mar 2021

Vulnerability

CVE-2021-1626

Remote Code Execution vulnerability in Mule runtime

25 Feb 2021

Vulnerability

ADV-2021-008

Information Disclosure

25 Feb 2021

Vulnerability

ADV-2021-007

Database Password Logged in Debug Log

25 Feb 2021

Vulnerability

ADV-2021-006

Not All Secrets Encrypted In Configuration

25 Feb 2021

Vulnerability

ADV-2021-005

Tableau Server Logs Postgres Repository Password

21 Jan 2021

Vulnerability

ADV-2021-004

Memory Corruption

21 Jan 2021

Vulnerability

ADV-2021-003

Authentication Bypass in IPv6 Networks

21 Jan 2021

Vulnerability

ADV-2021-002

Information Disclosure

21 Jan 2021

Vulnerability

ADV-2021-001

Reflected Error Message Content Injection

2020 Security Advisories

Date (DD/MM/YYYY)

Type

Subject

Description

16 Dec 2020

Vulnerability

ADV-2020-061

Tableau Server Non-Default Installation Weak Folder Permissions

16 Dec 2020

Vulnerability

ADV-2020-060

Tableau Server Default Installation Weak Folder Permissions

16 Dec 2020

Vulnerability

ADV-2020-059

Tableau Fixes a Vulnerability in QtWebEngine

15 Dec 2020

Vulnerability

SolarWinds Software Compromise

Federal government and Fortune 500 companies compromised by supply chain attack

19 Nov 2020

Vulnerability

CVE-2020-6939

Unauthenticated API Endpoints

19 Nov 2020

Vulnerability

ADV-2020-058

Privilege Escalation in Tableau Products

19 Nov 2020

Vulnerability

ADV-2020-057

File Path Disclosure of Temporary Files

19 Nov 2020

Vulnerability

ADV-2020-056

Unauthenticated API Endpoints

29 Oct 2020

Vulnerability

ADV-2020-055

Database Credentials In Log Files

29 Oct 2020

Vulnerability

ADV-2020-054

Tableau Desktop stores plaintext secrets in configuration file

29 Oct 2020

Vulnerability

ADV-2020-053

Non-ASCII characters parsing error

29 Oct 2020

Vulnerability

ADV-2020-052

Tableau Server Allows External Web Pages In Web Zones

30 Sep 2020

Vulnerability

ADV-2020-051

Tableau Products Integer Overflow

27 Aug 2020

Vulnerability

ADV-2020-050

REST API Returns a Site Configuration Value to Unauthenticated Users

27 Aug 2020

Vulnerability

ADV-2020-049

Plaintext Data Source Secrets In Repository

27 Aug 2020

Vulnerability

ADV-2020-048

Tableau Server Sensitive Values In Log File Location

27 Aug 2020

Vulnerability

ADV-2020-047

Some Permission Changes Don't Take Effect Until Server Restart

27 Aug 2020

Vulnerability

ADV-2020-046

Tableau Server Sensitive Values In Logs

27 Aug 2020

Vulnerability

ADV-2020-045

Tableau Server Logs Contain Webhook URLs

27 Aug 2020

Vulnerability

ADV-2020-044

External Service Connection Fails To Validate Host Name

07 Jul 2020

Vulnerability

CVE-2020-6938

Sensitive information disclosure vulnerability in Tableau Server

26 May 2020

Vulnerability

CVE-2020-6937

Denial of Service vulnerability in Mule runtime

17 Mar 2020

Security Enhancements

COVID-19 Business Continuity Statement

Salesforce has not experienced any significant business impacts

2019 Security Advisories

Date (DD/MM/YYYY)

Type

Subject

Description

29 Nov 2019

Vulnerability

CVE-2019-15631

Remote Code Execution in Mule runtime and API Gateway

30 Aug 2019

Vulnerability

CVE-2019-15630

Directory Traversal in MuleSoft Runtime

01 Jul 2019

Security Enhancements

Manage Security Contacts for Your Organization

If your organization is impacted by an information security incident, your organization’s Security Contact(s) will be notified.

13 May 2019

Security Enhancements

Enhancements to Security of Community and Portal Users

Potential impact to default sharing settings

2018 Security Advisories

Date (DD/MM/YYYY)

Type

Subject

Description

28 Nov 2018

Email Scam

Phishing Campaign

Salesforce-themed phishing campaign

05 Oct 2018

Vulnerability

Salesforce Security Vulnerability

Security vulnerability impact on Salesforce Sites and Communities

21 Sep 2018

Vulnerability

Twitter Account Activity API

Vulnerability of Twitter Account Activity API

2017 Security Advisories

Date (DD/MM/YYYY)

Type

Subject

Description

28 Jun 2017

Vulnerability/Ransomware

MS17-010 Vulnerability (AKA EternalBlue)

Malware leveraging MS17-010 (AKA EternalBlue) Vulnerability

21 Jun 2017

Malware

TrickBot / The Trick

Malware may target Salesforce Users.

15 May 2017

Ransomware

WannaCry Ransomware

Ransomware targeting Windows "Eternal Blue" vulnerability.

03 May 2017

Email Scam

Google Docs Phishing Campaign

Google Docs invitation containing a phishing link.

27 Feb 2017

Service Provider Vulnerability

Cloudflare Vulnerability

Cloudflare, an embedded content delivery network and internet security services provider, disclosed a security vulnerability in their edge servers, which could expose information such as HTTP cookies, authentication tokens, and HTTP POST bodies.

Report a Security Concern

As a leading software-as-a-service and platform-as-a-service provider, Salesforce is committed to setting the standard in safeguarding our environment and customers’ data. Partner with us by reporting any security concerns.

Report a Concern