CVE-2020-6939 - CERT CVE

  1. CVE-2020-6939

ID CVE-2020-6939
Sažetak Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2.
Reference
CVSS
Base: 10.0
Impact: 10.0
Exploitability:10.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
COMPLETE COMPLETE COMPLETE
CVSS vektor AV:N/AC:L/Au:N/C:C/I:C/A:C
Zadnje važnije ažuriranje 08-12-2020 - 17:36
Objavljeno 23-11-2020 - 17:15