Vulmon
tigergraph tigergraph 3.7.0 vulnerabilities and exploits
8.8
CVSSv3
CVE-2023-28479
An issue exists in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries.
Tigergraph Tigergraph 3.7.0
6.5
CVSSv3
CVE-2023-28480
An issue exists in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platfo...
Tigergraph Tigergraph 3.7.0
8.8
CVSSv3
CVE-2023-28481
An issue exists in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows a malicious user to obtain password-less SSH key ac...
Tigergraph Tigergraph 3.7.0
6.5
CVSSv3
CVE-2023-28482
An issue exists in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user ...
Tigergraph Tigergraph 3.7.0
8.8
CVSSv3
CVE-2023-28483
An issue exists in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GS...
Tigergraph Tigergraph 3.7.0
4.9
CVSSv3
CVE-2023-22949
An issue exists in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form...
Tigergraph Cloud -
Tigergraph Tigergraph Enterprise 3.7.0
8.8
CVSSv3
CVE-2023-22951
An issue exists in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API ...
Tigergraph Cloud -
Tigergraph Tigergraph Enterprise 3.7.0