CVE-2019-15637

HIGH EXPLOITED

Tableau Server 10.5-10.5.17 - XML External Entity Injection via Workbook

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2019-15637 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Jarad Kopf.

AI-analyzed exploit summary This exploit leverages an XXE (XML External Entity) vulnerability in Tableau products by sending a malicious XML payload in a multipart/form-data request. The payload attempts to fetch data from an attacker-controlled server, demonstrating the vulnerability.

Description

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jarad Kopf · pythonwebappsmultiple
https://www.exploit-db.com/exploits/47308

This exploit leverages an XXE (XML External Entity) vulnerability in Tableau products by sending a malicious XML payload in a multipart/form-data request. The payload attempts to fetch data from an attacker-controlled server, demonstrating the vulnerability.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Tableau Desktop/Server (versions affected per CVE-2019-15637)
Auth required
Prerequisites: Valid session cookie (workgroup_session_id) · Access to a target dashboard · Attacker-controlled server to host malicious DTD
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 8.1
EPSS 0.1431
EPSS Percentile 96.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

VulnCheck KEV 2024-07-25
CWE
CWE-611
Status published
Products (4)
tableau/tableau_desktop 10.2 - 10.2.23
tableau/tableau_public_desktop 10.2 - 10.2.2
tableau/tableau_reader 10.2 - 10.2.2
tableau/tableau_server 10.5 - 10.5.18
Published Aug 26, 2019
Tracked Since Feb 18, 2026