cvedb.io
CVE-2024-45744
LOW · CVSS 3
EPSS exploitation probability: 0%
Published 2024-09-27T16:15:04.940 · Last modified 2026-06-17T07:54:44.210

Summary

TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets.

Affected products

topquadrant — topbraid_edg

Does this affect you?

Add your gear to cvedb and we'll alert you only when topquadrant ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.