CVE-2022-22127: 
Tableau Server vulnerability analysis and mitigation

Tableau Server contains a broken access control vulnerability (CVE-2022-22127) affecting customers using Local Identity Store for managing users. The vulnerability was disclosed on May 25, 2022, affecting Tableau Server versions 2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlier (NVD).

The vulnerability has a CVSS v3.1 Base Score of 7.2 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability allows authenticated access with high privileges and can be exploited over the network with low attack complexity (NVD).

If exploited, the vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, potentially leading to unauthorized access to data across different sites (NVD).

All future releases of Tableau Server will address this security issue. Users should upgrade to versions newer than the affected versions (2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4). Note that versions that are no longer supported are not tested and may be vulnerable (NVD).