{"containers":{"cna":{"affected":[{"product":"Tableau Server","vendor":"n/a","versions":[{"status":"affected","version":"versions affected on both Windows and Linux are: 2018.2 through 2018.2.27"},{"status":"affected","version":"2018.3 through 2018.3.24"},{"status":"affected","version":"2019.1 through 2019.1.22"},{"status":"affected","version":"2019.2 through 2019.2.18"},{"status":"affected","version":"2019.3 through 2019.3.14"},{"status":"affected","version":"2019.4 through 2019.4.13"},{"status":"affected","version":"2020.1 through 2020.1.10"},{"status":"affected","version":"2020.2 through 2020.2.7"},{"status":"affected","version":"2020.3 through 2020.3.2"}]}],"descriptions":[{"lang":"en","value":"Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2."}],"problemTypes":[{"descriptions":[{"description":"Incorrect Access Control","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-11-23T16:16:25.000Z","orgId":"c9b25dee-ae6d-4083-ba23-638c500cc364","shortName":"Salesforce"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://help.salesforce.com/articleView?id=000355686&type=1&mode=1"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@salesforce.com","ID":"CVE-2020-6939","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Tableau Server","version":{"version_data":[{"version_value":"versions affected on both Windows and Linux are: 2018.2 through 2018.2.27"},{"version_value":"2018.3 through 2018.3.24"},{"version_value":"2019.1 through 2019.1.22"},{"version_value":"2019.2 through 2019.2.18"},{"version_value":"2019.3 through 2019.3.14"},{"version_value":"2019.4 through 2019.4.13"},{"version_value":"2020.1 through 2020.1.10"},{"version_value":"2020.2 through 2020.2.7"},{"version_value":"2020.3 through 2020.3.2"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Incorrect Access Control"}]}]},"references":{"reference_data":[{"name":"https://help.salesforce.com/articleView?id=000355686&type=1&mode=1","refsource":"CONFIRM","url":"https://help.salesforce.com/articleView?id=000355686&type=1&mode=1"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T09:18:01.581Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://help.salesforce.com/articleView?id=000355686&type=1&mode=1"}]}]},"cveMetadata":{"assignerOrgId":"c9b25dee-ae6d-4083-ba23-638c500cc364","assignerShortName":"Salesforce","cveId":"CVE-2020-6939","datePublished":"2020-11-23T16:16:25.000Z","dateReserved":"2020-01-13T00:00:00.000Z","dateUpdated":"2024-08-04T09:18:01.581Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}