CVE-2023-22951

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-276
View all →

Vulnerability Description

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints.

Related Vulnerabilities

CVE-2006-5014

HIGH
CVSS:8.8(High)

Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.

CWE-2762006

CVE-2012-4434

HIGH
CVSS:8.8(High)

fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code.

CWE-2762012

CVE-2014-2721

HIGH
CVSS:8.8(High)

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The...

CWE-2762014

CVE-2014-2722

HIGH
CVSS:8.8(High)

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The...

CWE-2762014

CVE-2014-2723

HIGH
CVSS:8.8(High)

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The...

CWE-2762014

CVE-2015-9474

HIGH
CVSS:8.8(High)

The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.

CWE-2762015