CVE-2025-26495

Summary

Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19.

Affected Software

VendorProductVersion RangeStatus
SalesforceTableau Server0 < 2022.1.3affected
SalesforceTableau Server0 < 2021.4.8affected
SalesforceTableau Server0 < 2021.3.13affected
SalesforceTableau Server0 < 2021.2.14affected
SalesforceTableau Server0 < 2021.1.16affected
SalesforceTableau Server0 < 2020.4.19affected

Weaknesses

  • CWE-312: CWE-312 Cleartext Storage of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References