4.3

CVE-2024-45744

TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properties and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets.
Data provided by the National Vulnerability Database (NVD)
Topquadrant Topbraid Edg Version 7.1.3
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.135
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
9119a7d8-5eab-497f-8521-727c672e3725 3 1.3 1.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
CWE-257 Storing Passwords in a Recoverable Format

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.