CVE-2019-15637

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.

Published: Aug 26, 2019
Updated: Nov 9, 2025
CVE: CVE-2019-15637
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:N/A:P

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
tableau / tableau_server	10.5	10.5.18.x
tableau / tableau_server	2018.1	2018.1.15.x
tableau / tableau_server	2018.2	2018.12.x
tableau / tableau_server	2018.3	2018.3.9.x
tableau / tableau_server	2019.1	2019.1.6.x
tableau / tableau_server	2019.2	2019.2.2.x
tableau / tableau_server	10.2	10.2.23.x
tableau / tableau_server	10.3	10.3.23.x
tableau / tableau_server	10.4	10.4.19.x
tableau / tableau_desktop	10.2	10.2.23.x
tableau / tableau_desktop	10.3	10.3.23.x
tableau / tableau_desktop	10.4	10.4.19.x
tableau / tableau_desktop	10.5	10.5.18.x
tableau / tableau_desktop	2018.1	2018.1.15.x
tableau / tableau_desktop	2018.2	2018.2.12.x
tableau / tableau_desktop	2018.3	2018.3.9.x
tableau / tableau_desktop	2019.1	2019.1.6.x
tableau / tableau_desktop	2019.2	2019.2.2.x
tableau / tableau_reader	10.2	10.2.2.x
tableau / tableau_public_desktop	10.2	10.2.2.x

Vulnerability Database

CVE-2019-15637

Deep Security Visibility Without the Complexity