Security Advisories
Date
Type
Subject
Description
Products
September 7, 2023
Vulnerability
Server-side request forgery vulnerability which could allow a malicious actor to authenticate into instances of Tableau Server to access customers’ hosted data.
Tableau
July 17, 2023
Vulnerability
JavaScript vulnerability affecting the Salesforce tough-cookie open-source NPM project, which could allow a malicious actor to attach cookie data to a global namespace.
—
June 28, 2023
Security Update
Tableau Python Server (TabPy) installations may be configured to execute arbitrary python code without authentication. Products Affected: TabPy 2.8.0 and earlier.
Tableau
June 13, 2023
Vulnerability
Vulnerabilities could lead to unauthorized access to the MOVEit file transfer product and environment. No impact to Salesforce customer data at this time. On June 16, an additional critical vulnerability (ending in 708) was announced. On July 5, CVEs ending in 932, 933, and 934 were announced.
—
January 31, 2023
Process Update
Customers are no longer required to obtain prior approval before performing security assessments for Salesforce products.
—
October 14, 2022
Vulnerability
Issue affecting Tableau Server Administration Agent
Tableau
June 22, 2022
Vulnerability
Tableau Server logging Personal Access Tokens into internal log repositories
Tableau
May 23, 2022
Vulnerability
Broken access control vulnerability in Tableau Server
Tableau
April 15, 2022
Security Notification
GitHub repositories connected to Heroku issue
Heroku
March 30, 2022
Vulnerability
Spring4Shell vulnerability published in March 2022
ClickSoftware, Commerce Cloud, Experience Cloud, Heroku, Hyperforce, Marketing Cloud, MuleSoft, Pardot, Quip, Sales Cloud, Salesforce Einstein, Salesforce Platform, Service Cloud, Slack, Tableau
December 10, 2021
Vulnerability
Apache Log4j2 vulnerability published on December 10, 2021
ClickSoftware, Commerce Cloud, Experience Cloud, Heroku, Hyperforce, Marketing Cloud, MuleSoft, Pardot, Quip, Sales Cloud, Salesforce Einstein, Salesforce Platform, Service Cloud, Slack, Tableau
October 27, 2021
Security Update
Response to October 24, 2021, Microsoft blog post
—
October 21, 2021
Vulnerability
Sensitive Information Exposure
Tableau
October 4, 2021
Security Update
Response to October 4, 2021, CERT Coordination Center note (VU#883754)
—
September 22, 2021
Vulnerability
Information Disclosure
Tableau
August 16, 2021
Security Notification
Oracle NetSuite and SAP SuccessFactors connectors used in Tableau Gallery may be storing sensitive data in a subset of Tableau On-Premise customers’ logging infrastructure
—
August 11, 2021
Security Update
Response to August 10, 2021, Varonis blog post
—
July 28, 2021
Vulnerability
XML external entity (XXE) vulnerability in Mule runtime
MuleSoft
July 7, 2021
Ransomware
Kaseya VSA ransomware attack on July 2, 2021
—
June 22, 2021
Vulnerability
Improper Data Cache Access Control When Using Initial SQL
Tableau
