PT-2023-21750 · Tigergraph · Tigergraph Enterprise

Published: 2023-08-14 · Updated: 2023-08-18 · CVE-2023-28480

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Tigergraph Enterprise version 3.7.0

Description: An issue was discovered in the TigerGraph platform, which allows users to define new User Defined Functions (UDFs) from C/C++ code. This functionality enables users to upload custom C/C++ code, which is then compiled and installed into the platform. An attacker with filesystem access on a remote TigerGraph system can alter the behavior of the database against the will of the database administrator, effectively bypassing the built-in Role-Based Access Control (RBAC) controls.

Recommendations: For Tigergraph Enterprise version 3.7.0, consider restricting access to the custom C/C++ code upload feature to prevent unauthorized modifications to the database behavior. Additionally, monitor filesystem access and database activity to detect potential exploitation attempts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
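One concrete way to act on the "monitor filesystem access" recommendation is a file-integrity baseline over the directory that holds the user-supplied UDF sources: record a digest of every C/C++ source, and alert whenever a file is added, removed or modified outside the administrator's approved update process. The script below is an added example written for this advisory, not TigerGraph's own code; UDF_DIR is a placeholder assumption (the real location is deployment-specific), and the file names in demo() are constructed sample data.

```python
"""
File-integrity baseline for a directory of UDF C/C++ sources.

Added example, not TigerGraph's code. UDF_DIR is a placeholder
assumption: point it at wherever your deployment keeps the user-supplied
UDF sources.
"""
import hashlib
import tempfile
from pathlib import Path

# Assumption: not a documented TigerGraph path, replace with your own.
UDF_DIR = Path("/path/to/udf/sources")

# Only C/C++ sources are watched; other files in the tree are ignored.
WATCHED_SUFFIXES = {".cpp", ".hpp", ".c", ".h"}


def file_sha256(path: Path) -> str:
    """Stream the file through SHA-256 so large sources do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each watched source file (path relative to root) to its SHA-256 digest."""
    result = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix in WATCHED_SUFFIXES:
            result[str(p.relative_to(root))] = file_sha256(p)
    return result


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Classify changes since the baseline.

    UDF sources should only change through the administrator's approved
    process, so any non-empty list here is worth an alert.
    """
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            k for k in baseline.keys() & current.keys() if baseline[k] != current[k]
        ),
    }


def demo() -> dict:
    """Constructed scenario in a temp dir: baseline two UDF sources, then
    simulate an out-of-band edit and an unexpected dropped-in file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "my_udf.hpp").write_text("inline int add(int a, int b) { return a + b; }\n")
        (root / "helpers.cpp").write_text("// constructed helper file\n")
        (root / "README.txt").write_text("not a watched suffix\n")
        baseline = snapshot(root)

        # Simulated unauthorized change: one source edited, one new source appears.
        (root / "my_udf.hpp").write_text("inline int add(int a, int b) { return a - b; }\n")
        (root / "extra.cpp").write_text("// unexpected file\n")
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    # In production: persist snapshot(UDF_DIR) as the baseline after each
    # approved UDF installation, and run diff_snapshots on a schedule.
    print(demo())
```

The baseline should be stored somewhere the database account cannot write to, otherwise an attacker with filesystem access on the host could update the baseline alongside the UDF sources; pairing this check with a review of the platform's own UDF installation activity gives the second signal the recommendation asks for.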

Exploit: Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2023-28480

Affected Products: Tigergraph Enterprise