What is CVE-2021-1629?

CVE-2021-1629 is a vulnerability in Tableau Server that allows attackers to perform open redirection attacks by tricking users into clicking on malicious links embedded in emails.

Which versions of Tableau Server are affected by CVE-2021-1629?

Versions 2019.4 to 2020.4 of Tableau Server are affected by CVE-2021-1629.

What is the severity of CVE-2021-1629?

CVE-2021-1629 has a severity rating of medium (6.1) according to the National Vulnerability Database (NVD).

How can I fix CVE-2021-1629?

To fix CVE-2021-1629, Tableau Server users should update to a patched version provided by the vendor and ensure that URLs in emails are validated properly.

Vulnerability/
CVE-2021-1629

medium

6.1

CWE

601

26/3/2021

3/8/2024

CVE-2021-1629

First published: Fri Mar 26 2021(Updated: )

Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users.

Credit: security@salesforce.com

Affected Software	Affected Version	How to fix
Tableau Server	>=2019.4<2019.4.18
Tableau Server	>=2020.1<2020.1.15
Tableau Server	>=2020.2<2020.2.12
Tableau Server	>=2020.3<2020.3.7
Tableau Server	>=2020.4<2020.4.3
Microsoft Windows Operating System
Linux Kernel

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-1629?
CVE-2021-1629 is a vulnerability in Tableau Server that allows attackers to perform open redirection attacks by tricking users into clicking on malicious links embedded in emails.
How does Tableau Server validate URLs in emails?
Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users.
Which versions of Tableau Server are affected by CVE-2021-1629?
Versions 2019.4 to 2020.4 of Tableau Server are affected by CVE-2021-1629.
What is the severity of CVE-2021-1629?
CVE-2021-1629 has a severity rating of medium (6.1) according to the National Vulnerability Database (NVD).
How can I fix CVE-2021-1629?
To fix CVE-2021-1629, Tableau Server users should update to a patched version provided by the vendor and ensure that URLs in emails are validated properly.

agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/last-modified-date
agent/author
agent/references
agent/description
agent/event
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/tableau
canonical/tableau server
version/tableau server/2019.4
version/tableau server/2020.1
version/tableau server/2020.2
version/tableau server/2020.3
version/tableau server/2020.4
vendor/microsoft
canonical/microsoft windows operating system
vendor/linux
canonical/linux kernel

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.