CVE-2024-45744

LOW
Published Sep 27, 2024 Modified Oct 2, 2025 CWE-257 CWE-312 CWE-522

Description

TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets.

CVSS v3.1 Score

3.0
LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

Weakness Type (CWE)

CWE-257 CWE-257
CWE-312 CWE-312
CWE-522 CWE-522

Affected Products

Vendor Product
topquadrant topbraid_edg

References

Frequently Asked Questions

What is CVE-2024-45744? +
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets. It has a CVSS v3.1 base score of 3.0 (LOW).
How severe is CVE-2024-45744? +
CVE-2024-45744 has a CVSS v3.1 score of 3.0 out of 10, rated LOW. This is a low-severity vulnerability with limited impact.
What products are affected by CVE-2024-45744? +
CVE-2024-45744 affects products from topquadrant, specifically: topbraid_edg. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-45744? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-45744 — free, no signup required.

Start Free Scan