{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-45744", "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745.\u00a0At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-257 Storing Passwords in a Recoverable Format", "cweId": "CWE-257" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "TopQuadrant", "product": { "product_data": [ { "product_name": "TopBraid EDG", "version": { "version_data": [ { "version_affected": "=", "version_value": "7.1.3" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json", "refsource": "MISC", "name": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json" }, { "url": "https://www.topquadrant.com/doc/latest/reference/PasswordManagementAdminPage.html", "refsource": "MISC", "name": "https://www.topquadrant.com/doc/latest/reference/PasswordManagementAdminPage.html" }, { "url": "https://www.topquadrant.com/doc/latest/administrator_guide/edg_installation_and_authentication/hashicorp_integration.html", "refsource": "MISC", "name": "https://www.topquadrant.com/doc/latest/administrator_guide/edg_installation_and_authentication/hashicorp_integration.html" }, { "url": "https://www.topquadrant.com/release-note/7-3/", "refsource": "MISC", "name": "https://www.topquadrant.com/release-note/7-3/" }, { "url": "https://www.topquadrant.com/wp-content/uploads/2025/02/changes-8.3.0.txt", "refsource": "MISC", "name": "https://www.topquadrant.com/wp-content/uploads/2025/02/changes-8.3.0.txt" } ] }, "credits": [ { "lang": "en", "value": "Donald Macary" } ], "impact": { "cvss": [ { "scope": "CHANGED", "version": "3.1", "baseScore": 3, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW" } ] } }