Security vulnerabilities CVE-2022-42889 and CVE-2022-33980 | Tableau Software

KNOWLEDGE BASE

Security vulnerabilities CVE-2022-42889 and CVE-2022-33980

Published: 19 Oct 2022
Last Modified Date: 15 Feb 2023

Issue

Apache Commons Text versions 1.5 - 1.9 and Apache Commons Configuration versions 2.4 - 2.7 are impacted by CVE-2022-42889 and CVE-2022-33980. Using untrusted values in the methods StringSubstitutor.replace or StringSubstitutor.replaceIn, an attacker could potentially execute a remote code execution (RCE) attack.

Environment

Tableau products

Resolution

Based on currently available information, Tableau products are not impacted by CVE-2022-42889 or CVE-2022-33980 because Tableau does not use the vulnerable methods StringSubstitutor.replace or StringSubstitutor.replaceIn.

Additional Information

National Vulnerability Database (NVD) links:

Click here to return to our Support page.

Open a new case

Click here to go to our Support page.

Get detailed answers and how-to step-by-step instructions for your issues and technical questions.

Find and share solutions with our active community through forums, user groups and ideas.

Browse a complete list of product manuals and guides. Available online, offline and PDF formats.

Learn how to master Tableau’s products with our on-demand, live or class room training.

PRINT THIS PAGE

Related Links

Trending Articles

Attachments

All Support

SUPPORT BY PRODUCT

TOOLS & DOWNLOADS

INFORMATION

ASSISTANCE