CVE-2024-45745

Summary

TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721).

Affected Software

VendorProductVersion RangeStatus
TopQuadrantTopBraid EDG0 < 8.0.1affected
TopQuadrantTopBraid EDG8.0.1unaffected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References