Issue

Spring4Shell - CVE-2022-22963 and CVE 2022-22965

At Salesforce, trust is our number one value, and we take the protection of our customers' data very seriously. 

As outlined in the Salesforce Trust post, Tableau products are not impacted by the issues currently identified in CVE-2022-22963 and CVE 2022-22965. The product status may be updated based on our continued response to vulnerabilities announced in CVE-2022-22963 and CVE 2022-22965.

Salesforce is following our vulnerability management process in patching Salesforce services to address the security issues referenced in CVE-2022-22963 and CVE 2022-22965. 

Tableau Cloud has been updated and updates for Tableau Server, Tableau Desktop, and Tableau Bridge are now available on our release page. These versions contain the upgraded Spring framework. 

We will continue to monitor for changes and implement additional remediation actions as necessary.

For updates, please refer back to this KB article or the following Trust post.