CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has...

6.5CVSS7.2AI score0.0009EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 6:2 a.m.•1 views

CVE-2023-28479

An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries...

8.8CVSS6.9AI score0.00123EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 5:51 a.m.•4 views

CVE-2023-22948

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph...

4.9CVSS7AI score0.00195EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 3:19 a.m.•2 views

CVE-2023-28483

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...

8.8CVSS7AI score0.00033EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 3:16 a.m.•2 views

CVE-2023-22950

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsqlserver, created by any user with designer permissions, can read sensitive data from arbitrary locations...

6.5CVSS6.9AI score0.00293EPSS

Exploits1References1

OSV•added 2023/08/15 2:15 p.m.•1 views

CVE-2023-28479

8.8CVSS5.8AI score0.00123EPSS

Exploits1References1

ATTACKERKB•added 2023/08/15 2:15 p.m.•1 views

CVE-2023-28479

8.8CVSS5.9AI score0.00123EPSS

Exploits1References2

Positive Technologies•added 2023/08/15 12:0 a.m.•2 views

PT-2023-21748 · Tigergraph · Tigergraph Enterprise

Name of the Vulnerable Software and Affected Versions: Tigergraph Enterprise version 3.7.0 Description: An issue was discovered in the TigerGraph platform, which installs a full development toolchain within every TigerGraph deployment. This allows an attacker to compile new executables on each...

8.8CVSS8.5AI score0.00123EPSS

Exploits1References6

OSV•added 2023/08/14 7:15 p.m.•4 views

CVE-2023-28483

8.8CVSS5.8AI score0.00033EPSS

Exploits1References1

ATTACKERKB•added 2023/08/14 7:15 p.m.•2 views

CVE-2023-28483

8.8CVSS5.9AI score0.00033EPSS

Exploits1References2

OSV•added 2023/08/14 7:15 p.m.•1 views

CVE-2023-28481

An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...

8.8CVSS5.8AI score0.00076EPSS

Exploits1References1