Vulnerability Details CVE-2022-30331
The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.3%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2022-30331
-
cpe:2.3:a:tigergraph:tigergraph:3.6.0