How severe is CVE-2024-45744?

CVE-2024-45744 has a CVSS v3 score of 3 (LOW).

CVE-2024-45744

Name: topbraid_edg
Author: topquadrant

3.0LOW

TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords sto

Publicado: 9/27/2024Atualizado: 10/2/2025

Descrição

TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets.

Análise IADesenvolvido por IA

Produtos Afetados

topquadranttopbraid_edg

7.1.3

Referências

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json
Third Party Advisory
https://www.topquadrant.com/doc/latest/administrator_guide/edg_installation_and_authentication/hashicorp_integration.html
Technical Description
https://www.topquadrant.com/doc/latest/reference/PasswordManagementAdminPage.html
Technical Description
https://www.topquadrant.com/release-note/7-3/
Release Notes
https://www.topquadrant.com/wp-content/uploads/2025/02/changes-8.3.0.txt
Release Notes