mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
162 lines
6.2 KiB
JSON
162 lines
6.2 KiB
JSON
{
|
|
"id": "CVE-2020-6939",
|
|
"sourceIdentifier": "security@salesforce.com",
|
|
"published": "2020-11-23T17:15:12.720",
|
|
"lastModified": "2020-12-08T17:36:09.407",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Instalaciones de Tableau Server configuradas con Site-Specific SAML que permite a usuarios no autenticados utilizar las API. Si se explota, esto podr\u00eda permitir a un usuario malicioso establecer la configuraci\u00f3n SAML espec\u00edfica del sitio y podr\u00eda conllevar a la toma de control de la cuenta para los usuarios de ese sitio. Tableau Server versiones afectadas tanto en Windows como en Linux son: 2018.2 hasta 2018.2.27, 2018.3 hasta 2018.3.24, 2019.1 hasta 2019.1.22, 2019.2 hasta 2019.2.18, 2019.3 hasta 2019.3.14, 2019.4 hasta 2019.4.13, 2020.1 hasta 2020.1.10, 2020.2 hasta 2020.2.7 y 2020.3 hasta 2020.3.2"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "COMPLETE",
|
|
"availabilityImpact": "COMPLETE",
|
|
"baseScore": 10.0
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 10.0,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-noinfo"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2018.2",
|
|
"versionEndIncluding": "2018.2.27",
|
|
"matchCriteriaId": "18E26A40-022A-4887-85CE-E0BFF83F7299"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2018.3",
|
|
"versionEndIncluding": "2018.3.24",
|
|
"matchCriteriaId": "7B72068B-B413-4053-B1BC-0CD154D10D8D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2019.1",
|
|
"versionEndIncluding": "2019.1.22",
|
|
"matchCriteriaId": "52F0B5EB-D5F4-4423-8754-E9BCC3699305"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2019.2",
|
|
"versionEndIncluding": "2019.2.18",
|
|
"matchCriteriaId": "56EB08BB-13A4-49C9-8928-DFD0DFA8D4AE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2019.3",
|
|
"versionEndIncluding": "2019.3.14",
|
|
"matchCriteriaId": "4401C018-6851-4211-83B1-E5595A746116"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2019.4",
|
|
"versionEndIncluding": "2019.4.13",
|
|
"matchCriteriaId": "EFC0F0E8-FEB5-45AB-9D12-5592549E9408"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2020.1",
|
|
"versionEndIncluding": "2020.1.10",
|
|
"matchCriteriaId": "06E3D4C4-6466-420B-AF73-4C2964D3F0A7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2020.2",
|
|
"versionEndIncluding": "2020.2.7",
|
|
"matchCriteriaId": "DCE3600B-1D06-4A80-919D-32E2DA3ABFC0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2020.3",
|
|
"versionEndIncluding": "2020.3.2",
|
|
"matchCriteriaId": "C60C48CC-A038-4AA3-95EE-045AB2F6D047"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://help.salesforce.com/articleView?id=000355686&type=1&mode=1",
|
|
"source": "security@salesforce.com",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |