Vulnerabilities > CVE-2023-22951 - Unspecified vulnerability in Tigergraph Cloud and Tigergraph Enterprise

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

tigergraph

NVD

Published: 2023-04-13

Updated: 2023-04-24

Summary

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints.

Vulnerable Configurations

Part	Description	Count
Application	Tigergraph Tigergraph Cloud - Tigergraph Tigergraph Enterprise 3.7.0	3

References

https://neo4j.com/security/cve-2023-22951/
https://dev.tigergraph.com/forum/c/tg-community/announcements/35