CVE-2024-45744
3.0LOWTopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords sto
게시됨: 9/27/2024업데이트됨: 10/2/2025
설명
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets.
AI 분석AI 기반
영향받는 제품
topquadranttopbraid_edg
7.1.3
참조
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.jsonThird Party Advisory
- https://www.topquadrant.com/doc/latest/administrator_guide/edg_installation_and_authentication/hashicorp_integration.htmlTechnical Description
- https://www.topquadrant.com/doc/latest/reference/PasswordManagementAdminPage.htmlTechnical Description
- https://www.topquadrant.com/release-note/7-3/Release Notes
- https://www.topquadrant.com/wp-content/uploads/2025/02/changes-8.3.0.txtRelease Notes