Vendor

TigerGraph

Products

CVEs

Across products

Status

Private

Products

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2023-28480	TigerGraph TigerGraph Enterprise Free Edition	—	0.01	Aug 14, 2023	An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into…
CVE-2023-22948	TigerGraph TigerGraph Enterprise Free Edition	—	0.00	Apr 13, 2023	An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in…
CVE-2023-22951	TigerGraph TigerGraph Enterprise Free Edition	—	0.01	Apr 13, 2023	An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all…
CVE-2022-30331	TigerGraph TigerGraph	—	0.01	Sep 5, 2022	The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."

CVE-2023-28480Aug 14, 2023
TigerGraph
TigerGraph Enterprise Free Edition
risk 0.00cvss —epss 0.01
An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into…
CVE-2023-22948Apr 13, 2023
TigerGraph
TigerGraph Enterprise Free Edition
risk 0.00cvss —epss 0.00
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in…
CVE-2023-22951Apr 13, 2023
TigerGraph
TigerGraph Enterprise Free Edition
risk 0.00cvss —epss 0.01
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all…
CVE-2022-30331Sep 5, 2022
TigerGraph
TigerGraph
risk 0.00cvss —epss 0.01
The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."