CVE-2024-45745
5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Summary
TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TopQuadrant | TopBraid EDG | 0 < 8.0.1 | affected |
| TopQuadrant | TopBraid EDG | 8.0.1 | unaffected |
Weaknesses
- CWE-611: CWE-611 Improper Restriction of XML External Entity Reference
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json
- https://www.topquadrant.com/wp-content/uploads/2024/06/changelog-8.0.1.txt
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.