KNOWLEDGE BASE

SSL CVE-2015-0204


Published: 04 Mar 2015
Last Modified Date: 27 Oct 2017

Issue

On March 3, 2015, a new SSL/TLS security vulnerability nicknamed FREAK was discovered. FREAK allows attackers to intercept and potentially decrypt or alter HTTPS communication from vulnerable systems. For more information, see CVE-2015-0204 on the National Vulnerability Database website.

Environment

  • Tableau Server
  • Tableau Desktop
  • Tableau Reader
  • Tableau Mobile
  • Tableau Online
  • Tableau Public

Resolution

Tableau Desktop and Tableau Server

If you are running the following versions of Tableau Desktop and Tableau Server, you are not at risk.
Tableau Desktop/Tableau Server releaseVersions not at risk
8.1.x8.1.16 or later
8.2.x8.2.8 or later
8.3.x8.3.3 or later

Tableau Reader

If you are using the latest version of Tableau Reader, you are not at risk.

Tableau Mobile

If you are using Tableau on a mobile device, you may be at risk because Tableau uses the security platform built into the operating system. Update your mobile operating system as patches become available. 

Tableau Online

Tableau Online is not impacted by this vulnerability.

Tableau Public

After a thorough investigation, we determined that Tableau Public was impacted by the FREAK vulnerability. As of March 10, 2015, an update was completed and Tableau Public is no longer vulnerable. We have no evidence that this vulnerability was exploited.

More Information

Because this vulnerability poses a significant risk, we recommend that you upgrade your Tableau products to the new versions as they become available. We also strongly encourage you to update your operating systems as patches become available.

Additional Information

The following articles in Tableau Knowledge Base help you determine which version of Tableau you are running: 
For more information about FREAK, go to the https://freakattack.com/ website.

If you need further support form Tableau, fill out the following form: http://tableau.force.com/casesubmit/?subject=FREAK%20CVE-2015-0204 and then click Submit Support Case.

 
Did this article resolve the issue?