| Summary | TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. |
|---|---|
| Publication Date | Sept. 28, 2024, 1:15 a.m. |
| Registration Date | Sept. 28, 2024, 5 a.m. |
| Last Update | Sept. 30, 2024, 9:45 p.m. |
| Title | TopQuadrant Inc. の TopBraid EDG における認証情報の不十分な保護に関する脆弱性 |
|---|---|
| Summary | TopQuadrant Inc. の TopBraid EDG には、認証情報の不十分な保護に関する脆弱性が存在します。 |
| Possible impacts | 情報を取得される可能性があります。 |
| Solution | 参考情報を参照して適切な対策を実施してください。 |
| Publication Date | Sept. 27, 2024, midnight |
| Registration Date | Sept. 30, 2025, 4:49 p.m. |
| Last Update | Sept. 30, 2025, 4:49 p.m. |
| TopQuadrant Inc. |
| TopBraid EDG 7.1.3 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2025年09月30日] 掲載 |
Sept. 30, 2025, 4:49 p.m. |