Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

tigergraph_enterprise

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2023-22949
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.03% / 8.51%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-07 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That could allow a TigerGraph administrator to effectively harvest usernames/passwords.

Action-Not Available
Vendor-tigergraphn/a
Product-tigergraph_enterprisecloudn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2023-22951
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.54%
||
7 Day CHG~0.00%
Published-13 Apr, 2023 | 00:00
Updated-07 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints.

Action-Not Available
Vendor-tigergraphn/a
Product-tigergraph_enterprisecloudn/a
CWE ID-CWE-276
Incorrect Default Permissions