SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Tableau Server Vendors:   Tableau Software
Tableau Sparkler Flaw Lets Remote Authenticated Users Impersonate Other Tableau Server Users
SecurityTracker Alert ID:  1034945
SecurityTracker URL:  http://securitytracker.com/id/1034945
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 5 2016
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Salesforce Canvas Adapter for Tableau 1.01 and prior
Description:   A vulnerability was reported in Tableau Sparkler. A remote authenticated user can impersonate another Tableau Server user on the target system.

A remote authenticated user that authenticate to Salesforce and issue a request for a Tableau view can impersonate an arbitrary Tableau Server user identity, including administrative users.

The Tableau Sparkler (Salesforce Canvas Adapter for Tableau) component is affected.

Tableau Sparkler is affected when configured to use Trusted Authentication to communicate with the target Tableau Server. Tableau Sparkler is not affected when configured to use SAML.

Tableau Online is not affected.

Impact:   A remote authenticated user can impersonate another Tableau Server user on the target system.
Solution:   The vendor has issued a fix (Tableau Sparkler/Salesforce Canvas Adapter for Tableau 1.02).

The vendor's advisory is available at:

http://kb.tableau.com/articles/knowledgebase/security-advisory-sparkler-can-allow-unauthorized-impersonation

Vendor URL:  kb.tableau.com/articles/knowledgebase/security-advisory-sparkler-can-allow-unauthorized-impersonation (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC