CVE-2022-22128

moderate-risk
Published 2022-10-17

Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.

Do I need to act?

~
3.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Tableau

References (3)

Broken Link https://help.salesforce.com/s/articleView?id=000367027&type=1
Vendor Advisory https://kb.tableau.com/articles/Issue/issue-affecting-tableau-server-administrat...
Broken Link https://help.salesforce.com/s/articleView?id=000367027&type=1
44
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 5/34 · Minimal