VDB

CVE-2022-22128

CVE-2022-22128 PUBLISHED CVSS 9.8 CRITICAL

Reported by Salesforce · Published October 17, 2022

Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.

Risk Scores

CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
n/aTableau Server2022.1 - 2022.1.42021.4 - 2021.4.92021.3 - 2021.3.142021.2 - 2021.2.152021.1 - 2021.1.172020.4 - 2020.4.20
n/aTableau Server2022.1 - 2022.1.42021.4 - 2021.4.92021.3 - 2021.3.142021.2 - 2021.2.152021.1 - 2021.1.172020.4 - 2020.4.20

Timeline

  • Oct 17, 2022 CVE Published
  • Oct 18, 2022 EPSS Score
  • Oct 20, 2022 EPSS Score
  • Jan 14, 2023 EPSS Score
  • Feb 26, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Jul 8, 2023 EPSS Score
  • Aug 21, 2023 EPSS Score
  • Nov 16, 2023 EPSS Score
  • Dec 30, 2023 EPSS Score
  • Feb 12, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›