{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T20:59:42.548","vulnerabilities":[{"cve":{"id":"CVE-2020-6939","sourceIdentifier":"security@salesforce.com","published":"2020-11-23T17:15:12.720","lastModified":"2024-11-21T05:36:22.330","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2."},{"lang":"es","value":"Instalaciones de Tableau Server configuradas con Site-Specific SAML que permite a usuarios no autenticados utilizar las API.&#xa0;Si se explota, esto podría permitir a un usuario malicioso establecer la configuración SAML específica del sitio y podría conllevar a la toma de control de la cuenta para los usuarios de ese sitio. Tableau Server versiones afectadas tanto en Windows como en Linux son: 2018.2 hasta 2018.2.27, 2018.3 hasta 2018.3.24, 2019.1 hasta 2019.1.22, 2019.2 hasta 2019.2.18, 2019.3 hasta 2019.3.14, 2019.4 hasta 2019.4.13, 2020.1 hasta 2020.1.10, 2020.2 hasta 2020.2.7 y 2020.3 hasta 2020.3.2"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2018.2","versionEndIncluding":"2018.2.27","matchCriteriaId":"18E26A40-022A-4887-85CE-E0BFF83F7299"},{"vulnerable":true,"criteria":"cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2018.3","versionEndIncluding":"2018.3.24","matchCriteriaId":"7B72068B-B413-4053-B1BC-0CD154D10D8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2019.1","versionEndIncluding":"2019.1.22","matchCriteriaId":"52F0B5EB-D5F4-4423-8754-E9BCC3699305"},{"vulnerable":true,"criteria":"cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2019.2","versionEndIncluding":"2019.2.18","matchCriteriaId":"56EB08BB-13A4-49C9-8928-DFD0DFA8D4AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2019.3","versionEndIncluding":"2019.3.14","matchCriteriaId":"4401C018-6851-4211-83B1-E5595A746116"},{"vulnerable":true,"criteria":"cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2019.4","versionEndIncluding":"2019.4.13","matchCriteriaId":"EFC0F0E8-FEB5-45AB-9D12-5592549E9408"},{"vulnerable":true,"criteria":"cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2020.1","versionEndIncluding":"2020.1.10","matchCriteriaId":"06E3D4C4-6466-420B-AF73-4C2964D3F0A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2020.2","versionEndIncluding":"2020.2.7","matchCriteriaId":"DCE3600B-1D06-4A80-919D-32E2DA3ABFC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:tableau:tableau_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2020.3","versionEndIncluding":"2020.3.2","matchCriteriaId":"C60C48CC-A038-4AA3-95EE-045AB2F6D047"}]}]}],"references":[{"url":"https://help.salesforce.com/articleView?id=000355686&type=1&mode=1","source":"security@salesforce.com","tags":["Third Party Advisory"]},{"url":"https://help.salesforce.com/articleView?id=000355686&type=1&mode=1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}