CVE-2024-45745

TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721).

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json	Third Party Advisory
https://www.topquadrant.com/wp-content/uploads/2024/06/changelog-8.0.1.txt	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:topquadrant:topbraid_edg:*:*:*:*:*:*:*:*

History

22 Sep 2025, 17:17

Type	Values Removed	Values Added
CPE		cpe:2.3:a:topquadrant:topbraid_edg::::::::
References	~~() https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json -~~	() https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json - Third Party Advisory
References	~~() https://www.topquadrant.com/wp-content/uploads/2024/06/changelog-8.0.1.txt -~~	() https://www.topquadrant.com/wp-content/uploads/2024/06/changelog-8.0.1.txt - Release Notes
First Time		Topquadrant Topquadrant topbraid Edg

Information

Published : 2024-09-27 16:15

Updated : 2025-09-22 17:17

NVD link : CVE-2024-45745

Mitre link : CVE-2024-45745

CVE.ORG link : CVE-2024-45745

JSON object : View

Products Affected

topquadrant

topbraid_edg

CWE

CWE-611

Improper Restriction of XML External Entity Reference

{"id": "CVE-2024-45745", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-09-27T16:15:05.037", "references": [{"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json", "tags": ["Third Party Advisory"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://www.topquadrant.com/wp-content/uploads/2024/06/changelog-8.0.1.txt", "tags": ["Release Notes"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721)."}, {"lang": "es", "value": "TopQuadrant TopBraid EDG anterior a la versi\u00f3n 8.0.1 permite que un atacante autenticado cargue un archivo DTD XML y ejecute JavaScript para leer archivos locales o acceder a URL (XXE). Corregido en la versi\u00f3n 8.0.1 (correcci\u00f3n de error: TBS-6721)."}], "lastModified": "2025-09-22T17:17:23.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:topquadrant:topbraid_edg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A0E7462-3ABE-4327-83EE-7CE15E1D6023", "versionEndExcluding": "8.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725"}