We strongly encourage updating all affected Tableau product versions as soon as they are available, as this vulnerability poses a significant risk. Tableau Online, Tableau Public, the Tableau corporate website, customer portal, community forums, licensing server, map server, training content and other elements that are part of our website are all clear from this vulnerability. The rest of the Tableau properties do not have exposure to the Heartbleed vulnerability. We will be releasing Tableau versions 8.0.10 and 8.1.6 to correct this vulnerability.
TABLEAU READER VERSIONS SOFTWARE
Our target is to have the software released for customers to download Thursday evening (April 10th). We are creating new versions with the latest OpenSSL (version 1.0.1g) embedded.
We are currently in final testing of updated Tableau versions that correct this vulnerability. The initial beta version of Tableau 8.2, both desktop and server.(Prior versions of Tableau Desktop are not vulnerable). All desktop varieties: Personal, Professional, Public Desktop, and Reader are vulnerable. Tableau Desktop versions 8.1.0 thru 8.1.5.Tableau Server version 8.1.0 thru 8.1.5 which are configured with SSL enabled.(Prior versions of Tableau Server are not vulnerable.) Tableau Server version 8.0.6 thru 8.0.9 which are configured with SSL enabled.The Tableau product versions with this vulnerability are: Tableau’s desktop products use OpenSSL to negotiate the security protocol from the server to the desktop, including both Tableau Servers configured for SSL and Tableau Desktop products which communicate with other servers – for example a dashboard with a web page component embedded in it which may access a remote SSL server.
For example, passwords or other sensitive data could be accessed. This can allow for encryption keys to be read which can enable the decrypting of data obtained by intercepting traffic. The vulnerability allows a remote attacker to read client or server application memory.
0 kommentar(er)
