Tableau Releases Critical Security Updates

Tableau has released an urgent update to address the Log4Shell vulnerability in the Log4j library used in several of their BI and analytics products.

Threat ID:: CC-3994
Threat Severity:: High
Published:: 16 December 2021 2:06 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Tableau has released an urgent update to address the Log4Shell vulnerability in the Log4j library used in several of their BI and analytics products.

Affected platforms

The following platforms are known to be affected:

Versions: all versions (desktop and server)

Tableau

Versions: all versions

Tableau Reader

Versions: all versions (desktop client)

Tableau Public

Threat details

Introduction

Tableau has released a critical update to address the Log4Shell vulnerability affecting a number of their business intelligence products. They claim that an unauthenticated remote attacker could exploit Log4Shell to take control of affected Tableau products as well as the underlying systems they run on.

NHS Digital response to Log4Shell

This alert is part of NHS Digital's wider response to the Log4Shell remote code execution vulnerability. For more information on Log4Shell itself, please visit our cyber alerts article Log4Shell RCE Vulnerability CC-3989.

Remediation advice

Affected organisations should review Tableau's Apache Log4j2 vulnerability (Log4Shell) knowledge base article and apply the relevant updates immediately.

Organisations unable to apply these updates should consider implementing the partial mitigations provided by Tableau.

Definitive source of threat updates

CVE Vulnerabilities

Status Published

CVE-2021-44228

Last edited: 16 December 2021 2:06 pm