KNOWLEDGE BASE

Is Tableau Server or Tableau Online affected by CERT VU#475445 (CWE 287)


Published: 28 Feb 2018
Last Modified Date: 02 Mar 2018

Question

Is Tableau Server or Tableau Online affected by CERT VU#475445?

Environment

  • Tableau Server
  • Tableau Online

Answer

CWE 287 indicates a class of vulnerabilities related to improper authentication. CERT VU#475445 addresses a specific improper authentication issue regarding SAML libraries underneath this general classification.

Tableau Server and Tableau Online do not use any of the affected libraries. Tableau uses the Java version of openSAML from the Shibboleth Consortium and this version of the Java library is not affected by this vulnerability.
Internal testing done by our Product Security team has also confirmed that Tableau Server and Online are not affected.
Did this article resolve the issue?