The visual appearance of Tableau was already quite good, but with this release they have managed to make them even better by following some of the visual design principles that I advocate (and Tufte advocated long before I did). I’m not going to review all of the new features of this release and none of them in detail, but want to briefly mention and describe those that I find most interesting. The features that they decide to include are not turned over to developers to code as quickly as possible with little direction they first go through a rigorous design process to make sure that they are implemented in the most effective way possible. Rather, they understand the needs of their customers well enough to discriminate between features that really matter and those that would take the product in an unproductive direction. They don’t just tick items off a features list that was composed from customer requests. After recently being briefed on version 3.5 by the folks at Tableau, I concluded the meeting with the following statement: “You guys continue to amaze me with how many important features you’re able to address in each release, thoroughly and without compromising quality.” The team at Tableau succeeds better than any other software design and development team I know in identifying the most important next steps in the product’s evolution and proceeding through those steps expertly and thoughtfully. Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page.I have reviewed every release of Tableau, beginning with version 1.0 and continuing now with the latest release, version 3.5. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop. Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. Versions that are no longer supported are not tested and may be vulnerable.ħ Macos, Linux Kernel, Windows and 4 more The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data.Tableau Server versions affected are:2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlierNote: All future releases of Tableau Server will address this security issue. Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. They are also not assessed for potential security issues and do not receive security updates. Older versions have reached their End of Life and are no longer supported. Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |