Last modified date: 22 Jul 2022
Environment
The following product versions or lower have been identified as affected:
- Tableau Server 2021.4, 2021.3.4, 2021.2.5, 2021.1.8, 2020.4.11, 2020.3.14, 2020.2.19, 2020.1.22, 2019.4.25, 2019.3.26, 2019.2.29, 2019.1.29, 2018.3.29
- Tableau Desktop 2021.4, 2021.3.4, 2021.2.5, 2021.1.8, 2020.4.11, 2020.3.14, 2020.2.19, 2020.1.22, 2019.4.25, 2019.3.26, 2019.2.29, 2019.1.29, 2018.3.29
- Tableau Prep Builder 2021.4.1, 2021.3.2, 2021.2.2, 2021.1.4, 2020.4.1, 2020.3.3, 2020.2.3, 2020.1.5, 2019.4.2, 2019.3.2, 2019.2.3, 2019.1.4, 2018.3.3
- Tableau Public Desktop Client 2021.4
- Tableau Reader 2021.4
- Tableau Bridge 20214.21.1109.1748, 20213.21.1112.1434, 20212.21.0818.1843, 20211.21.0617.1133, 20204.21.0217.1203, 20203.20.0913.2112, 20202.20.0721.1350, 20201.20.0614.2321, 20194.20.0614.2307, 20193.20.0614.2306, 20192.19.0917.1648, 20191.19.0402.1911, 20183.19.0115.1143
Resolution
Option 1: Update Tableau
For customers with active maintenance: if you have not updated from an impacted version (any product release prior to December 15, 2021), or have updated to the December 15, 2021 product releases, please update to one of the newer releases.
The December 15, 2021 Tableau Product releases updated the Log4j2 files to version 2.15. There may be diagnostic or auxiliary components still remaining. We have mitigated these outstanding components with configuration changes that disable the vulnerable JNDI lookup functionality.
- Tableau Server 2021.4.1, 2021.3.5, 2021.2.6, 2021.1.9, 2020.4.12
- Tableau Desktop 2021.4.1, 2021.3.5, 2021.2.6, 2021.1.9, 2020.4.12
- Tableau Prep Builder 2021.4.2
- Tableau Public Desktop Client 2021.4.1
- Tableau Reader 2021.4.1
- Tableau Bridge 20214.21.1214.2057
The December 19, 2021 Tableau Product releases have integrated the Log4j 2.16 release, which disables JNDI Lookup by default. This action addresses both CVE-2021-44228 & CVE-2021-45046.
- Tableau Server 2021.4.2+, 2021.3.6+, 2021.2.7+, 2021.1.10+, 2020.4.13+
- Tableau Desktop 2021.4.2+, 2021.3.6+, 2021.2.7+, 2021.1.10+, 2020.4.13+
- Tableau Prep Builder 2021.4.4+ (Jan. 18, 2022 release or later).
- Tableau Public Desktop Client 2021.4.2+
- Tableau Reader 2021.4.2+
- Tableau Bridge 20214.21.1109.1748+
By updating to the product releases from December 19, 2021, you are addressing the security issues currently identified in CVE-2021-44228 & CVE-2021-45046.
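An added example (not Tableau's code): a Python check that sorts a Tableau Server or Tableau Desktop version string into the groups this article describes, using the version lists above. The function name, the result labels and the table layout are assumptions made for the illustration.

```python
import re

# Patch numbers per release branch for Tableau Server and Tableau Desktop,
# transcribed from the version lists in this article:
# (highest affected patch, Dec 15 2021 patch, first Dec 19 2021 patch).
# None means the article lists no such release for that branch.
BRANCHES = {
    (2021, 4): (0, 1, 2),
    (2021, 3): (4, 5, 6),
    (2021, 2): (5, 6, 7),
    (2021, 1): (8, 9, 10),
    (2020, 4): (11, 12, 13),
    (2020, 3): (14, None, None),
    (2020, 2): (19, None, None),
    (2020, 1): (22, None, None),
    (2019, 4): (25, None, None),
    (2019, 3): (26, None, None),
    (2019, 2): (29, None, None),
    (2019, 1): (29, None, None),
    (2018, 3): (29, None, None),
}

VERSION_RE = re.compile(r"^(\d{4})\.(\d)(?:\.(\d+))?$")


def classify(version):
    """Return the remediation group for a Server/Desktop version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    year, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    entry = BRANCHES.get((year, minor))
    if entry is None:  # older than every listed branch counts as "or lower"
        return "affected" if (year, minor) < min(BRANCHES) else "not-listed"
    max_affected, dec15, dec19 = entry
    if patch <= max_affected:
        return "affected"              # update, or apply Option 2
    if dec15 is not None and patch == dec15:
        return "log4j-2.15"            # update again, or apply Option 2
    if dec19 is not None and patch >= dec19:
        return "log4j-2.16"            # addresses both CVEs
    return "not-listed"                # newer than anything the article names


if __name__ == "__main__":
    for v in ("2021.4", "2021.3.5", "2020.4.13", "2019.4.25", "2020.3.15"):
        print(f"{v:10} {classify(v)}")
```

A "not-listed" result means the article names no release at that level for the branch, so the version has to be checked against the vendor's current guidance rather than assumed fixed.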
Option 2: Please execute the mitigation steps detailed in Option 2 if:
- You have updated to the product releases from December 15, 2021, and cannot update to a newer release (out of maintenance, outside of a company update window, etc.).
- You are on an impacted version (any product version released prior to December 15, 2021) and cannot update to a newer release.
Option 2 Mitigation Step Links per Tableau Product:
Cause
Security vulnerabilities CVE-2021-44228 & CVE-2021-45046 in the Apache Log4j 2 library.
Additional Information
Please see the Salesforce Trust Site for more information detailing Tableau Cloud status.