CVE-2024-45744

TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets.

CVSS v3 3.0 LOW

3.0^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.3 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json	Third Party Advisory
https://www.topquadrant.com/doc/latest/administrator_guide/edg_installation_and_authentication/hashicorp_integration.html	Technical Description
https://www.topquadrant.com/doc/latest/reference/PasswordManagementAdminPage.html	Technical Description
https://www.topquadrant.com/release-note/7-3/	Release Notes
https://www.topquadrant.com/wp-content/uploads/2025/02/changes-8.3.0.txt	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:topquadrant:topbraid_edg:7.1.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-09-27 16:15

Updated : 2025-10-02 15:15

NVD link : CVE-2024-45744

Mitre link : CVE-2024-45744

CVE.ORG link : CVE-2024-45744

JSON object : View

Products Affected

topquadrant

topbraid_edg

CWE

CWE-257

Storing Passwords in a Recoverable Format

CWE-312

Cleartext Storage of Sensitive Information

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2024-45744", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.0, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-09-27T16:15:04.940", "references": [{"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json", "tags": ["Third Party Advisory"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://www.topquadrant.com/doc/latest/administrator_guide/edg_installation_and_authentication/hashicorp_integration.html", "tags": ["Technical Description"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://www.topquadrant.com/doc/latest/reference/PasswordManagementAdminPage.html", "tags": ["Technical Description"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://www.topquadrant.com/release-note/7-3/", "tags": ["Release Notes"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://www.topquadrant.com/wp-content/uploads/2025/02/changes-8.3.0.txt", "tags": ["Release Notes"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "description": [{"lang": "en", "value": "CWE-257"}, {"lang": "en", "value": "CWE-312"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745.\u00a0At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets."}, {"lang": "es", "value": "TopQuadrant TopBraid EDG almacena credenciales externas de forma insegura. Un atacante autenticado con acceso al sistema de archivos puede leer edg-setup.properites y obtener el secreto para descifrar las contrase\u00f1as externas almacenadas en edg-vault.properties. Un atacante autenticado podr\u00eda obtener acceso al sistema de archivos utilizando una vulnerabilidad independiente como CVE-2024-45745. Al menos la versi\u00f3n 7.1.3 est\u00e1 afectada. La versi\u00f3n 7.3 agrega la integraci\u00f3n de HashiCorp Vault que no almacena las contrase\u00f1as externas de forma local."}], "lastModified": "2025-10-02T15:15:52.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:topquadrant:topbraid_edg:7.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6106B9F4-797A-48F2-A625-64220550527C"}], "operator": "OR"}]}], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725"}