Description

TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721).

PUBLISHED Reserved 2024-09-05 | Published 2024-09-27 | Updated 2024-09-27 | Assigner cisa-cg




MEDIUM: 5.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)

Problem types

CWE-611 Improper Restriction of XML External Entity Reference

Product status

Default status: unknown

Any version before 8.0.1: affected

8.0.1: unaffected

References

raw.githubusercontent.com/...IT/white/2024/va-24-254-02.json (url)

www.topquadrant.com/...t/uploads/2024/06/changelog-8.0.1.txt (url)

cve.org (CVE-2024-45745)

nvd.nist.gov (CVE-2024-45745)