{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-45745","assignerOrgId":"9119a7d8-5eab-497f-8521-727c672e3725","state":"PUBLISHED","assignerShortName":"cisa-cg","dateReserved":"2024-09-05T23:12:56.519Z","datePublished":"2024-09-27T15:57:59.876Z","dateUpdated":"2024-09-27T17:43:27.032Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","product":"TopBraid EDG","vendor":"TopQuadrant","versions":[{"lessThan":"8.0.1","status":"affected","version":"0","versionType":"custom"},{"status":"unaffected","version":"8.0.1"}]}],"datePublic":"2024-09-10T00:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721).</p>"}],"value":"TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). \nFixed in 8.0.1 (bug fix: TBS-6721)."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-611","description":"CWE-611 Improper Restriction of XML External Entity Reference","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9119a7d8-5eab-497f-8521-727c672e3725","shortName":"cisa-cg","dateUpdated":"2024-09-27T16:50:23.194Z"},"references":[{"name":"url","url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json"},{"name":"url","url":"https://www.topquadrant.com/wp-content/uploads/2024/06/changelog-8.0.1.txt"}],"source":{"discovery":"UNKNOWN"},"title":"TopQuadrant TopBraid EDG JavaScript console XXE","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-27T17:43:16.632957Z","id":"CVE-2024-45745","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-27T17:43:27.032Z"}}]}}