PatchSiren cyber security CVE debrief
CVE-2022-22127 Tableau CVE debrief
The supplied advisory describes a broken access control issue in Tableau Server deployments that use Local Identity Store. A malicious site administrator could change passwords for users in other sites hosted on the same server, creating a path to unauthorized data access. The surrounding CSAF metadata, however, maps the CVE to Siemens Opcenter Intelligence, so the supplied source corpus contains a product-attribution inconsistency that should be reviewed.
- Vendor: Tableau
- Product: Tableau Server
- CVSS: HIGH 7.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-02-11
- Original CVE updated: 2025-05-06
- Advisory published: 2025-02-11
- Advisory updated: 2025-05-06
Who should care
Tableau Server administrators and security teams running deployments that use Local Identity Store, especially multi-site environments where site administrators can manage users within their site. Teams handling Siemens/CISA advisory intake should also note that the supplied metadata and description do not align cleanly.
Technical summary
The advisory text describes a network-reachable broken access control flaw with high privilege requirements and no user interaction, reflected by CVSS 3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N. In affected Tableau Server versions 2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlier, a malicious site administrator may be able to change passwords for users in different sites on the same server when Local Identity Store is used. The stated impact is unauthorized access to data; unsupported versions were not tested and may also be vulnerable.
Defensive priority
High for any deployment using Local Identity Store; verify exposure and patch status quickly.
Recommended defensive actions
- Update affected deployments to V2501 or later, and follow the latest vendor remediation guidance referenced in PL8822108.
- Inventory all Tableau Server instances and confirm whether Local Identity Store is enabled and whether any affected versions are still in use.
- Review site-administrator assignments and user-management workflows to ensure privileges are limited to the minimum required.
- Treat unsupported Tableau Server versions as potentially vulnerable until they are upgraded or otherwise remediated.
- Check for unexpected cross-site password changes or account-management activity in administrative logs.
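The inventory and unsupported-version actions above can be scripted. The following is an added example, not code from the advisory or from Tableau: it assumes "and earlier" applies within each listed release branch, and the host names and inventory records are constructed.

```python
# Added example: triage a Tableau Server inventory against the affected
# versions listed in this debrief. Inventory records below are constructed.

# Highest affected maintenance release per branch, from the advisory text.
AFFECTED_MAX = {
    (2020, 4): 16,
    (2021, 1): 13,
    (2021, 2): 10,
    (2021, 3): 9,
    (2021, 4): 4,
}
OLDEST_LISTED = min(AFFECTED_MAX)


def parse_version(text):
    """Parse 'YYYY.N.M' (or 'YYYY.N', meaning maintenance 0)."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) == 2:
        parts.append(0)
    if len(parts) != 3:
        raise ValueError(f"unrecognised version: {text!r}")
    return (parts[0], parts[1]), parts[2]


def triage(version, local_identity_store):
    """Return a triage label for one server."""
    if not local_identity_store:
        return "out-of-scope: Local Identity Store not in use"
    branch, maintenance = parse_version(version)
    if branch < OLDEST_LISTED:
        # Branches older than those listed were not tested by the vendor.
        return "assume-vulnerable: untested branch"
    if branch in AFFECTED_MAX and maintenance <= AFFECTED_MAX[branch]:
        return "affected"
    return "review: not in listed affected range"


def triage_inventory(records):
    """Map host -> triage label for (host, version, uses_local_store) records."""
    return {host: triage(ver, local) for host, ver, local in records}


# Constructed inventory: (host, version, uses Local Identity Store)
SAMPLE_INVENTORY = [
    ("tableau-a.example.internal", "2021.3.9", True),
    ("tableau-b.example.internal", "2021.3.10", True),
    ("tableau-c.example.internal", "2019.4.2", True),
    ("tableau-d.example.internal", "2020.4.16", False),
]
```

Servers labelled "review" still need checking against current vendor guidance, since the debrief lists affected versions but not fixed ones.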
Evidence notes
The primary evidence is the CISA CSAF advisory ICSA-25-044-14 and its referenced Siemens product-cert links. The advisory description itself names Tableau Server, Local Identity Store, and cross-site password changes, while the metadata labels the product as Siemens Opcenter Intelligence. The source revision history shows publication on 2025-02-11 and a later typo-fix revision on 2025-05-06.
Official resources
- CVE-2022-22127 CVE record (CVE.org)
- CVE-2022-22127 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the CSAF advisory on 2025-02-11 and revised it on 2025-05-06 for typos.