Description
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Trustwave's SpiderLabs · textwebappswindows
https://www.exploit-db.com/exploits/31578
References (9)
Core 9
Core References
Various Sources x_refsource_misc
https://www.trustwave.com/spiderlabs/advisories/TWSL2014-003.txt
Release Notes x_refsource_confirm
http://www.tableausoftware.com/support/releases/8.0.7
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/102568
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/31578
Vendor Advisory x_refsource_confirm
http://www.tableausoftware.com/support/releases/812
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90730
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56620
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029706
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65171
Scores
EPSS
0.0232
EPSS Percentile
84.9%
Details
CWE
CWE-89
Status
published
Products (9)
tableausoftware/tableau_server
8.0
tableausoftware/tableau_server
8.0.1
tableausoftware/tableau_server
8.0.2
tableausoftware/tableau_server
8.0.3
tableausoftware/tableau_server
8.0.4
tableausoftware/tableau_server
8.0.5
tableausoftware/tableau_server
8.0.6
tableausoftware/tableau_server
8.1
tableausoftware/tableau_server
8.1.1
Published
Jan 31, 2014
Tracked Since
Feb 18, 2026