Security Advisories
Salesforce is committed to setting the standard in software-as-a-service as an effective partner in customer security.
Recent Security Advisories
From time to time we need to notify customers of security advisories related to the Salesforce platform or its subsidiaries. We publish those security advisories below.
| Date | Type | Subject | Nature of Attack |
|---|---|---|---|
| | Vulnerability | ADV-2021-004 | Memory Corruption |
| | Vulnerability | ADV-2021-003 | Authentication Bypass in IPv6 Networks |
| | Vulnerability | ADV-2021-002 | Information Disclosure |
| | Vulnerability | ADV-2021-001 | Reflected Error Message Content Injection |
| | Vulnerability | ADV-2020-061 | Tableau Server Non-Default Installation Weak Folder Permissions |
| | Vulnerability | ADV-2020-060 | Tableau Server Default Installation Weak Folder Permissions |
| | Vulnerability | ADV-2020-059 | Tableau Fixes a Vulnerability in QtWebEngine |
| | Vulnerability | SolarWinds Software Compromise | Federal government and Fortune 500 companies compromised by supply chain attack |
| | Vulnerability | CVE-2020-6939 | Unauthenticated API Endpoints |
| | Vulnerability | ADV-2020-058 | Privilege Escalation in Tableau Products |
| | Vulnerability | ADV-2020-057 | File Path Disclosure of Temporary Files |
| | Vulnerability | ADV-2020-056 | Unauthenticated API Endpoints |
| | Vulnerability | ADV-2020-055 | Database Credentials In Log Files |
| | Vulnerability | ADV-2020-054 | Tableau Desktop stores plaintext secrets in configuration file |
| | Vulnerability | ADV-2020-053 | Non-ASCII characters parsing error |
| | Vulnerability | ADV-2020-052 | Tableau Server Allows External Web Pages In Web Zones |
| | Vulnerability | ADV-2020-051 | Tableau Products Integer Overflow |
| | Vulnerability | ADV-2020-050 | REST API Returns a Site Configuration Value to Unauthenticated Users |
| | Vulnerability | ADV-2020-049 | Plaintext Data Source Secrets In Repository |
| | Vulnerability | ADV-2020-048 | Tableau Server Sensitive Values In Log File Location |
| | Vulnerability | ADV-2020-047 | Some Permission Changes Don't Take Effect Until Server Restart |
| | Vulnerability | ADV-2020-046 | Tableau Server Sensitive Values In Logs |
| | Vulnerability | ADV-2020-045 | Tableau Server Logs Contain Webhook URLs |
| | Vulnerability | ADV-2020-044 | External Service Connection Fails To Validate Host Name |
| | Vulnerability | CVE-2020-6938 | Sensitive information disclosure vulnerability in Tableau Server |
| | Vulnerability | CVE-2020-6937 | Denial of Service vulnerability in Mule runtime |
| | Security Enhancements | COVID-19 Business Continuity Statement | Salesforce has not experienced any significant business impacts |
| | Vulnerability | CVE-2019-15631 | Remote Code Execution in Mule runtime and API Gateway |
| | Vulnerability | CVE-2019-15630 | Directory Traversal in MuleSoft Runtime |
| | Security Enhancements | Manage Security Contacts for Your Organization | If your organization is impacted by an information security incident, your organization's Security Contact(s) will be notified. |
| | Security Enhancements | Enhancements to Security of Community and Portal Users | Potential impact to default sharing settings |
| | Email Scam | Phishing Campaign | Salesforce-themed phishing campaign |
| | Vulnerability | Salesforce Security Vulnerability | Security vulnerability impact on Salesforce Sites and Communities |
| | Vulnerability | Twitter Account Activity API | Vulnerability of Twitter Account Activity API |
| | Vulnerability | 'Apache Struts' vulnerabilities | Vulnerability affecting a wide range of web services. |
| | Email Scam | Payment was returned | Email purporting to be from Salesforce to request a wire transfer of money to a bank account that is not owned/operated by Salesforce. |
| | Vulnerability | SAML Vulnerabilities: Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal | Vulnerability affecting a wide range of SAML libraries. |
| | Vulnerability | Spectre/Meltdown Vulnerabilities | Vulnerability affecting a wide range of computer processors. |
| | Vulnerability/Ransomware | MS17-010 Vulnerability (AKA EternalBlue) | Malware leveraging the MS17-010 (AKA EternalBlue) vulnerability |
| | Malware | TrickBot / The Trick | Malware may target Salesforce users. |
| | Ransomware | WannaCry Ransomware | Ransomware targeting the Windows "Eternal Blue" vulnerability. |
| | Email Scam | Google Docs Phishing Campaign | Google Docs invitation containing a phishing link. |
| | Service Provider Vulnerability | Cloudflare Vulnerability | Cloudflare, an embedded content delivery network and internet security services provider, disclosed a security vulnerability in their edge servers, which could expose information such as HTTP cookies, authentication tokens, and HTTP POST bodies. |
| | Email Scam | Your SSL Certificate has expired | Email that provides a link to download a file that contains malicious software. |
| | Email Scam | EMAIL BLACKLISTED... | Email containing links to phishing sites purporting to be salesforce.com. |
For security-related questions, information, or reporting, contact security by emailing security@salesforce.com.