Salesforce Trust

Security Advisories

Salesforce is committed to setting the standard in software-as-a-service as an effective partner in customer security.

 

Recent Security Advisories

From time to time, it is important that we notify customers of security advisories related to the Salesforce platform or its subsidiaries. We will publish security advisories below.

| Date | Type | Subject | Nature of Attack |
| --- | --- | --- | --- |
| | Vulnerability | ADV-2020-051 | Tableau Products Integer Overflow |
| | Vulnerability | ADV-2020-050 | REST API Returns a Site Configuration Value to Unauthenticated Users |
| | Vulnerability | ADV-2020-049 | Plaintext Data Source Secrets In Repository |
| | Vulnerability | ADV-2020-048 | Tableau Server Sensitive Values In Log File Location |
| | Vulnerability | ADV-2020-047 | Some Permission Changes Don't Take Effect Until Server Restart |
| | Vulnerability | ADV-2020-046 | Tableau Server Sensitive Values In Logs |
| | Vulnerability | ADV-2020-045 | Tableau Server Logs Contain Webhook URLs |
| | Vulnerability | ADV-2020-044 | External Service Connection Fails To Validate Host Name |
| | Vulnerability | CVE-2020-6938 | Sensitive information disclosure vulnerability in Tableau Server |
| | Vulnerability | CVE-2020-6937 | Denial of Service vulnerability in Mule runtime |
| | Security Enhancements | COVID-19 Business Continuity Statement | Salesforce has not experienced any significant business impacts |
| | Vulnerability | CVE-2019-15631 | Remote Code Execution in Mule runtime and API Gateway |
| | Vulnerability | CVE-2019-15630 | Directory Traversal in MuleSoft Runtime |
| | Security Enhancements | Manage Security Contacts for Your Organization | If your organization is impacted by an information security incident, your organization’s Security Contact(s) will be notified. |
| | Security Enhancements | Enhancements to Security of Community and Portal Users | Potential impact to default sharing settings |
| | Email Scam | Phishing Campaign | Salesforce-themed phishing campaign |
| | Vulnerability | Salesforce Security Vulnerability | Security vulnerability impact on Salesforce Sites and Communities |
| | Vulnerability | Twitter Account Activity API | Vulnerability of Twitter Account Activity API |
| | Vulnerability | 'Apache Struts' vulnerabilities | Vulnerability affecting a wide range of web services. |
| | Email Scam | Payment was returned | Email purporting to be from Salesforce to request a wire transfer of money to a bank account that is not owned/operated by Salesforce. |
| | Vulnerability | SAML Vulnerabilities: Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal | Vulnerability affecting a wide range of SAML libraries. |
| | Vulnerability | Spectre/Meltdown Vulnerabilities | Vulnerability affecting a wide range of computer processors. |
| | Vulnerability/Ransomware | MS17-010 Vulnerability (AKA EternalBlue) | Malware leveraging MS17-010 (AKA EternalBlue) Vulnerability |
| | Malware | TrickBot / The Trick | Malware may target Salesforce Users. |
| | Ransomware | WannaCry Ransomware | Ransomware targeting Windows "Eternal Blue" vulnerability. |
| | Email Scam | Google Docs Phishing Campaign | Google Docs invitation containing a phishing link. |
| | Service Provider Vulnerability | Cloudflare Vulnerability | Cloudflare, an embedded content delivery network and internet security services provider, disclosed a security vulnerability in their edge servers, which could expose information such as HTTP cookies, authentication tokens, and HTTP POST bodies. |
| | Email Scam | Your SSL Certificate has expired | Email that provides a link to download a file that contains malicious software. |
| | Email Scam | Your SSL Certificate has expired | Email that provides a link to download a file that contains malicious software. |
| | Email Scam | EMAIL BLACKLISTED... | Email containing links to phishing sites purporting to be salesforce.com. |

For security-related questions, information, or reporting, contact security by emailing security@salesforce.com.
