CVE-2024-45744

Name: CVE-2024-45744
Creator: NVD / NIST
Published: 2024-09-27T16:15:04.94+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.3/10EPSS 0.22%

Last modified Jun 17, 2026

CVE-2024-45744 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. EPSS estimates a 0.22% chance of exploitation in the next 30 days.

Description

TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets.

Metrics

CVSS 3.1

4.3/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Probability

0.22%

12.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Topquadrant	Topbraid Edg	7.1.3

References

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.jsonThird Party Advisory
https://www.topquadrant.com/doc/latest/administrator_guide/edg_installation_and_authentication/hashicorp_integration.htmlTechnical Description
https://www.topquadrant.com/doc/latest/reference/PasswordManagementAdminPage.htmlTechnical Description
https://www.topquadrant.com/release-note/7-3/Release Notes
https://www.topquadrant.com/wp-content/uploads/2025/02/changes-8.3.0.txtRelease Notes

Timeline

Published: Sep 27, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2024-45744?

How severe is CVE-2024-45744?

CVE-2024-45744 has a CVSS score of 4.3/10 (MEDIUM severity). The EPSS model estimates a 0.22% probability of exploitation in the next 30 days.

How do I fix CVE-2024-45744?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-45744?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST