Log4j Vulnerability

What is the Log4j Vulnerability?

On December 9th, 2021, the Apache Software Foundation released a security advisory detailing a vulnerability affecting the Java-based logging utility. This has been labeled as a 10 out of 10 security risk. In response, the US Cybersecurity and Infrastructure Security Agency issued alerts urging organizations to patch their systems immediately.

To better understand the vulnerability and its widespread impact, please refer to the original security advisory.

How does it impact Tableau Software?

Tableau Software published a Knowledgebase article on December 10th, 2021 detailing the existing status of the mitigation/patching efforts made by the team.  At the time of writing, organizations have two options to reduce impact:  

  1. Upgrade to the product released on December 19th, 2021. If you updated between December 15th and December 18th, then review the knowledgebase article for what appears to be a final release.
  2. Mitigate the vulnerability by removing the jndi_lookup.class from the Tableau Server archives. Detailed instructions here.
 

The status for Tableau Online can be found on the Salesforce Trust post. 

Being Proactive about Security!

These events are great triggers for doing a broader security review of the environment.  DataBrains, Inc. helps maintain performant analytic environments by following a few key rules: 

  • Document a Security Policy that includes data access. 
  • Perform frequent Security Audits to measure adherence to policy. 
  • Track known vulnerabilities and proactively plan resolution before it is urgent. 
  • Schedule quarterly Tableau Server health checks. 

Does your organization currently operate on Tableau Server 2020.3 or older? If so, you should be aware there is an embedded PostgreSQL database that is out of maintenance. It is recommended to update to 2020.4 or later. DataBrains can help!

How can DataBrains help?

Our team offers a fixed-package security assessment based on the complexity of the environment. Additionally, our team offers à la carte project-based services to assist with any specific security concerns you may have.

The security assessment includes, but is not limited to:

  • Content Review – Usage, workbook/data level permissions, and access. 
  • Security Review – Users and global permissions. 
  • Known Vulnerabilities 
  • Quarterly Health Check – Review hardware performance, OS concerns, and Tableau-specific recommendations. 
 

If you have security concerns, then let DataBrains, Inc. help. Contact us to learn more about our security assessment services!
