ID

VAR-201912-1402


CVE

CVE-2019-19719


TITLE

Tableau Server Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-012906

DESCRIPTION

Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page. Tableau Server Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. This product is mainly used to manage and share data visualizations, interactive dashboards, workbooks and reports created by Tableau Desktop data visualization software. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code

Trust: 2.25

sources: NVD: CVE-2019-19719 // JVNDB: JVNDB-2019-012906 // CNVD: CNVD-2020-04286 // VULMON: CVE-2019-19719

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-04286

AFFECTED PRODUCTS

vendor:tableaumodel:serverscope:gteversion:10.3

Trust: 1.0

vendor:tableaumodel:serverscope:lteversion:2019.4

Trust: 1.0

vendor:tableaumodel:serverscope:eqversion:2019.4 for up to 10.3

Trust: 0.8

vendor:tableaumodel:software tableau software serverscope:gteversion:10.3,<=2019.4

Trust: 0.6

vendor:tableaumodel:serverscope:eqversion:2019.2.5

Trust: 0.6

vendor:tableaumodel:serverscope:eqversion:2019.3

Trust: 0.6

vendor:tableaumodel:serverscope:eqversion:2019.2.6

Trust: 0.6

vendor:tableaumodel:serverscope:eqversion:2019.3.1

Trust: 0.6

vendor:linuxmodel:kernelscope:eqversion: -

Trust: 0.6

vendor:tableaumodel:serverscope:eqversion:2019.2.4

Trust: 0.6

vendor:tableaumodel:serverscope:eqversion:2019.4

Trust: 0.6

vendor:tableaumodel:serverscope:eqversion:2019.2.3

Trust: 0.6

vendor:tableaumodel:serverscope:eqversion:2019.3.2

Trust: 0.6

vendor:microsoftmodel:windowsscope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-04286 // JVNDB: JVNDB-2019-012906 // CNNVD: CNNVD-201912-480 // NVD: CVE-2019-19719

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19719
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-19719
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-04286
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-480
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-19719
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-19719
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-04286
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-19719
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2019-19719
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-04286 // VULMON: CVE-2019-19719 // JVNDB: JVNDB-2019-012906 // CNNVD: CNNVD-201912-480 // NVD: CVE-2019-19719

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-012906 // NVD: CVE-2019-19719

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-480

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201912-480

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012906

PATCH

title:[Important] ADV-2019-047: Open redirect on embeddedAuthRedirect pageurl:https://community.tableau.com/community/security-bulletins/blog/2019/11/19/important-adv-2019-047-open-redirect-on-embeddedauthredirect-page

Trust: 0.8

title:Patch for Tableau Server Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/199519

Trust: 0.6

title:Tableau Software Server Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104538

Trust: 0.6

title:jaelesurl:https://github.com/jaeles-project/jaeles

Trust: 0.1

title:jaeles-signaturesurl:https://github.com/jaeles-project/jaeles-signatures

Trust: 0.1

title:kenzer-templatesurl:https://github.com/Elsfa7-110/kenzer-templates

Trust: 0.1

title:kenzer-templatesurl:https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

sources: CNVD: CNVD-2020-04286 // VULMON: CVE-2019-19719 // JVNDB: JVNDB-2019-012906 // CNNVD: CNNVD-201912-480

EXTERNAL IDS

db:NVDid:CVE-2019-19719

Trust: 3.1

db:JVNDBid:JVNDB-2019-012906

Trust: 0.8

db:CNVDid:CNVD-2020-04286

Trust: 0.6

db:CNNVDid:CNNVD-201912-480

Trust: 0.6

db:VULMONid:CVE-2019-19719

Trust: 0.1

sources: CNVD: CNVD-2020-04286 // VULMON: CVE-2019-19719 // JVNDB: JVNDB-2019-012906 // CNNVD: CNNVD-201912-480 // NVD: CVE-2019-19719

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-19719

Trust: 2.0

url:https://community.tableau.com/community/security-bulletins/blog/2019/11/19/important-adv-2019-047-open-redirect-on-embeddedauthredirect-page

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19719

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/jaeles-project/jaeles

Trust: 0.1

sources: CNVD: CNVD-2020-04286 // VULMON: CVE-2019-19719 // JVNDB: JVNDB-2019-012906 // CNNVD: CNNVD-201912-480 // NVD: CVE-2019-19719

SOURCES

db:CNVDid:CNVD-2020-04286
db:VULMONid:CVE-2019-19719
db:JVNDBid:JVNDB-2019-012906
db:CNNVDid:CNNVD-201912-480
db:NVDid:CVE-2019-19719

LAST UPDATE DATE

2024-11-23T22:48:10.911000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-04286date:2020-02-07T00:00:00
db:VULMONid:CVE-2019-19719date:2019-12-12T00:00:00
db:JVNDBid:JVNDB-2019-012906date:2019-12-16T00:00:00
db:CNNVDid:CNNVD-201912-480date:2019-12-26T00:00:00
db:NVDid:CVE-2019-19719date:2024-11-21T04:35:14.870

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-04286date:2019-12-10T00:00:00
db:VULMONid:CVE-2019-19719date:2019-12-11T00:00:00
db:JVNDBid:JVNDB-2019-012906date:2019-12-16T00:00:00
db:CNNVDid:CNNVD-201912-480date:2019-12-10T00:00:00
db:NVDid:CVE-2019-19719date:2019-12-11T04:15:10.573