6.5

CVE-2023-28482

Exploit

EPSS 0.07%
Veröffentlicht 14.08.2023 19:15:10
Zuletzt bearbeitet 21.11.2024 07:55:11
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has permissions to upload data can browse data uploaded by any other user (irrespective of their permissions).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tigergraph ≫ Tigergraph Version3.7.0 SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.218

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://neo4j.com/security/cve-2023-28482/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-28482

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28482

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28482

EUVD