7.3
CVE-2025-26498
- EPSS 0.06%
- Veröffentlicht 22.08.2025 20:16:04
- Zuletzt bearbeitet 03.11.2025 15:15:00
- Quelle security@salesforce.com
- CVE-Watchlists
- Unerledigt
LoginUnrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tableau ≫ Tableau Server Version < 2023.3.19
Tableau ≫ Tableau Server Version >= 2024.2 < 2024.2.12
Tableau ≫ Tableau Server Version >= 2025.1 < 2025.1.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.175 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.