101 matches found
PT-2023-21753 · Tigergraph · Tigergraph Enterprise
Name of the Vulnerable Software and Affected Versions: Tigergraph Enterprise version 3.7.0 Description: An issue was discovered in the GSQL query language, which allows users to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable v...
CVE-2023-22949
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That...
CVE-2023-22949
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That...
Design/Logic Flaw
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That...
CVE-2023-22949
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That...
CVE-2023-22949
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That...
TigerGraph 安全漏洞
TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community. Enabling real-time big data graph applications. A security vulnerability exists in TigerGraph Enterprise Free Edition 3.x series versions that stems from the fact that all...
PT-2023-18791 · Tigergraph · Tigergraph Enterprise Free Edition
Name of the Vulnerable Software and Affected Versions: TigerGraph Enterprise Free Edition versions 3.x Description: An issue was discovered where user credentials are logged. All authenticated GSQL access requests are logged by TigerGraph in multiple places, including both the username and passwo...
CVE-2023-22949
TigerGraph Enterprise Free Edition 3.x has a credential leakage issue where all authenticated GSQL access requests are logged, with both username and password included in an easily decodable base64 form. This could allow an administrator with access to logs to harvest usernames and passwords. Aff...
CVE-2023-22951
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints...
CVE-2023-22951
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints...
Design/Logic Flaw
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints...
CVE-2023-22948
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph...
CVE-2023-22948
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph...
Code injection
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph...
CVE-2023-22950
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsqlserver, created by any user with designer permissions, can read sensitive data from arbitrary locations...
CVE-2023-22950
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsqlserver, created by any user with designer permissions, can read sensitive data from arbitrary locations...
Code injection
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsqlserver, created by any user with designer permissions, can read sensitive data from arbitrary locations...
CVE-2023-22948
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph...
CVE-2023-22951
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints...