Vulnerability Description
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Topquadrant | Topbraid Edg | 7.1.3 |
Related Weaknesses (CWE)
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/Third Party Advisory
- https://www.topquadrant.com/doc/latest/administrator_guide/edg_installation_and_Technical Description
- https://www.topquadrant.com/doc/latest/reference/PasswordManagementAdminPage.htmTechnical Description
- https://www.topquadrant.com/release-note/7-3/Release Notes
- https://www.topquadrant.com/wp-content/uploads/2025/02/changes-8.3.0.txtRelease Notes
FAQ
What is CVE-2024-45744?
CVE-2024-45744 is a vulnerability with a CVSS score of 3.0 (LOW). TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords sto...
How severe is CVE-2024-45744?
CVE-2024-45744 has been rated LOW with a CVSS base score of 3.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-45744?
Check the references section above for vendor advisories and patch information. Affected products include: Topquadrant Topbraid Edg.