CVE-2020-6938

HIGH

Tableau Server < 2020.2 - Log Information Exposure

Title source: rule

Description

A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files.

References (2)

Core 2

Core References

Third Party Advisory x_refsource_misc

https://help.salesforce.com/apex/HTViewSolution?urlname=Sensitive-information-disclosure-vulnerability-affecting-Tableau-Server-in-certain-use-cases&language=en_US

Third Party Advisory x_refsource_misc

https://help.salesforce.com/articleView?id=000354158&type=1&mode=1

Scores

CVSS v3 7.5

EPSS 0.0032

EPSS Percentile 54.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-532

Status published

Products (2)

tableau/tableau_server 10.5

tableau/tableau_server 2018.1 - 2020.2

Published Jul 08, 2020

Tracked Since Feb 18, 2026