CVE-2024-45745 MEDIUM

CVE-2024-45745: TopQuadrant TopBraid EDG JavaScript console XXE

Vendor Topquadrant

Product TopBraid EDG

Weakness CWE-611 · XXE

Published September 27, 2024

Last update September 27, 2024

View on NVD All CVEs

CVSS base score

5.0/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

Description

TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721).

Key dates

Disclosure timeline

September 27, 2024 CVE published

September 27, 2024 Record updated