Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web-based applications on servers.

Alert Message

SERVER-WEBAPP Tableau XML external entity injection attempt

Rule Explanation

This event is generated when an XXE attempt is made against Tableau products.

Impact: Web Application Attack

Details: This event is generated when an XXE attempt is made against Tableau products via HTTP through the extensionManifestContents parameter.

Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

CVE Additional Information

CVE-2019-15637
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.
Details
Severity:
Base Score: 8.1
Impact Score: 5.2
Exploit Score: 2.8
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
Attack Vector: NETWORK
Scope: UNCHANGED
User Interaction: NONE
Authentication:
Ease of Access: LOW
Privileges Required: LOW