2 matches found
CVE-2024-45744
TopQuadrant TopBraid EDG stores external credentials in edg-vault.properties and reads secrets from edg-setup.properties, enabling an authenticated attacker with file-system access to decrypt external passwords. Affected from at least v7.1.3; attacker access may be gained via another vulnerabilit...
CVE-2024-45745
TopQuadrant TopBraid EDG before version 8.0.1 is vulnerable to an XXE-style flaw: an authenticated attacker can upload an XML DTD file and execute JavaScript to read local files or access URLs. The root cause is an XML DTD handling/upload feature that allows external entity resolution. Impact is ...