CVE-2024-45745

Published: Sep 27, 2024Modified: Sep 22, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721).

Affected (1)

Products: Topquadrant: Topbraid Edg

Topquadrant

1 product

Topbraid Edg

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Topquadrant Topbraid Edg	Before 8.0.1

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Third Party Advisory

https://www.topquadrant.com/wp-content/uploads/2024/06/changelog-8.0.1.txt

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Release Notes

Timeline

No history available yet.