CVE-2024-45745
📋 TL;DR
This vulnerability allows authenticated attackers in TopQuadrant TopBraid EDG to upload XML DTD files containing malicious JavaScript, enabling them to read local files or access external URLs via XXE (XML External Entity) attacks. It affects all authenticated users of TopBraid EDG versions before 8.0.1. The attack requires authentication but can lead to sensitive data exposure.
💻 Affected Systems
- TopQuadrant TopBraid EDG
📦 What is this software?
TopBraid EDG by TopQuadrant
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive local files (configuration files, credentials, database files), access internal URLs, and potentially pivot to other systems using stolen credentials or data.
Likely Case
Authenticated malicious users or compromised accounts reading configuration files, accessing internal resources, and exfiltrating sensitive data from the server.
If Mitigated
With proper authentication controls and network segmentation, impact is limited to the application server's file system and accessible network resources.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of XML DTD/XXE techniques. The vulnerability is well-documented in the CWE-611 category.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.0.1
Vendor Advisory: https://www.topquadrant.com/wp-content/uploads/2024/06/changelog-8.0.1.txt
Restart Required: Yes
Instructions:
1. Download TopBraid EDG version 8.0.1 or later from TopQuadrant.
2. Back up the current installation and data.
3. Install the new version following vendor documentation.
4. Restart the application server.
5. Verify functionality.
🔧 Temporary Workarounds
Disable DTD processing
Configure XML parsers to disable DTD processing and external entity resolution
Configure application server XML parser settings: set FEATURE_SECURE_PROCESSING=true, disable external-general-entities and external-parameter-entities
Restrict file uploads
Implement strict file upload validation to block XML DTD files
Configure file upload filters to reject files with .dtd, .xml extensions or containing DOCTYPE declarations
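The two workarounds above, shown as an added example in Python (this is not TopQuadrant's code and not part of the advisory): an upload screen that rejects DTD-bearing files before any parser sees them, and a SAX parser with external entity resolution switched off. The feature names the workaround quotes (FEATURE_SECURE_PROCESSING, external-general-entities, external-parameter-entities) are Java parser switches; `feature_external_ges` / `feature_external_pes` are the same switches under their Python SAX names. The function names, the blocked-extension policy and the two sample documents are assumptions constructed for the example.

```python
import io
import re
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, feature_external_pes

# Upload screen: XML requires these exact uppercase forms, so a case-sensitive
# match on the first few KiB (a DOCTYPE must precede the root element) is enough.
DTD_MARKERS = re.compile(rb"<!DOCTYPE|<!ENTITY")
# Assumed policy: the advisory's stricter variant also adds ".xml" to this tuple.
BLOCKED_EXTENSIONS = (".dtd",)


def screen_upload(filename: str, data: bytes) -> "tuple[bool, str]":
    """Return (accepted, reason) for an uploaded file before it reaches any parser."""
    if filename.lower().endswith(BLOCKED_EXTENSIONS):
        return False, "extension not allowed"
    if DTD_MARKERS.search(data[:4096]):
        return False, "DTD declaration present"
    return True, "ok"


class _TextCollector(ContentHandler):
    """Gathers character data so callers can see exactly what the parser produced."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def parse_hardened(data: bytes) -> str:
    """Parse XML with external entity resolution off and return its text content.

    With both external-entity features disabled, an entity whose SYSTEM
    identifier is a file:// or http:// URL is left unresolved: the parser
    never opens a local file or a remote resource on the document's behalf.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)   # external-general-entities
    parser.setFeature(feature_external_pes, False)   # external-parameter-entities
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(data))
    return "".join(collector.parts)


# Constructed sample documents (not taken from any real upload).
BENIGN = b'<?xml version="1.0"?><doc>hello</doc>'
# The entity points at a placeholder path that does not exist; the hardened
# parser never even attempts to open it.
WITH_DTD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE doc [<!ENTITY ext SYSTEM "file:///nonexistent/placeholder">]>'
    b'<doc>&ext;</doc>'
)

if __name__ == "__main__":
    for name, payload in (("model.xml", BENIGN), ("schema.xml", WITH_DTD), ("types.dtd", b"<x/>")):
        print(name, screen_upload(name, payload))
    print(repr(parse_hardened(BENIGN)))     # 'hello'
    print(repr(parse_hardened(WITH_DTD)))   # '' : &ext; was left unexpanded
```

Both layers are worth keeping: the screen stops DTD-bearing uploads at the door, and the parser settings protect any XML that reaches a parser by another path (an API call, a file already on disk).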
🧯 If You Can't Patch
- Implement strict network segmentation to isolate TopBraid EDG servers from sensitive internal resources
- Enhance authentication monitoring and implement multi-factor authentication for all users
🔍 How to Verify
Check if Vulnerable:
Check TopBraid EDG version via admin interface or configuration files. Versions before 8.0.1 are vulnerable.
Check Version:
Check the application.properties or version.txt files in the installation directory, or use the admin web interface
Verify Fix Applied:
Verify version is 8.0.1 or later in admin interface. Test XML upload functionality with DTD files to ensure they are rejected.
📡 Detection & Monitoring
Log Indicators:
- Unusual XML file uploads
- Multiple failed XML parsing attempts
- Requests containing DOCTYPE or SYSTEM declarations
- Outbound connections from application server to unexpected URLs
Network Indicators:
- HTTP requests with XML payloads containing external entity references
- Outbound connections from application server to file:// or http:// URLs in XML payloads
SIEM Query:
source="topbraid-logs" AND (message="*DOCTYPE*" OR message="*SYSTEM*" OR message="*ENTITY*")
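The log and network indicators above as a small triage script, added here as an example that is not part of the advisory. It generalizes the SIEM query: the DTD pattern matches the XML keyword forms (`<!DOCTYPE`, `<!ENTITY`, `SYSTEM "`) rather than bare `*SYSTEM*` wildcards, so the everyday word "system" in a message does not fire, and it adds the other two indicators (repeated parse failures per user, outbound connections to file:// URLs or hosts outside an allowlist). The key=value log format, field names, sample lines, allowlist and threshold are all constructed assumptions, not TopBraid EDG's real log format.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in a key=value style (illustrative, not a real
# TopBraid EDG log format). 203.0.113.0/24 is a documentation address range.
SAMPLE_LOGS = [
    '2024-06-01T10:00:01Z user=alice action=upload file=model.xml status=ok message="import ok"',
    '2024-06-01T10:02:17Z user=bob action=upload file=schema.xml status=ok '
    'message="stored <!DOCTYPE data [<!ENTITY ext SYSTEM \\"file:///placeholder/path\\">]>"',
    '2024-06-01T10:02:18Z user=bob action=outbound dest=file:///placeholder/path status=denied message=""',
    '2024-06-01T10:03:00Z user=carol action=parse file=a.xml status=error message="not well-formed"',
    '2024-06-01T10:03:05Z user=carol action=parse file=b.xml status=error message="not well-formed"',
    '2024-06-01T10:03:09Z user=carol action=parse file=c.xml status=error message="not well-formed"',
    '2024-06-01T10:04:00Z user=alice action=outbound dest=https://registry.example.internal/ontologies status=ok message=""',
    '2024-06-01T10:05:42Z user=bob action=outbound dest=http://203.0.113.5/collect status=ok message=""',
]

ALLOWED_OUTBOUND_HOSTS = {"registry.example.internal"}   # assumed allowlist
PARSE_FAILURE_THRESHOLD = 3                               # assumed tuning value

# key=value pairs; a quoted value may contain backslash-escaped quotes.
FIELD_RE = re.compile(r'(\w+)=("(?:\\.|[^"\\])*"|\S+)')
# XML keyword forms only, so a log message mentioning "the system" is not a hit.
DTD_RE = re.compile(r'<!DOCTYPE|<!ENTITY|SYSTEM\s+\\?"')


def parse_line(line):
    """Split one constructed log line into a dict; the leading token is the timestamp."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def detect(lines):
    """Return (rule, user, line_index) findings for the advisory's indicators."""
    findings = []
    failures = Counter()
    for i, line in enumerate(lines):
        f = parse_line(line)
        user = f.get("user", "?")
        # Requests or messages carrying DOCTYPE / ENTITY / SYSTEM declarations.
        if DTD_RE.search(f.get("message", "")):
            findings.append(("dtd_in_message", user, i))
        # Multiple failed XML parsing attempts by the same user.
        if f.get("action") == "parse" and f.get("status") == "error":
            failures[user] += 1
            if failures[user] == PARSE_FAILURE_THRESHOLD:
                findings.append(("repeated_parse_failures", user, i))
        # Outbound connections from the application server to unexpected places.
        if f.get("action") == "outbound":
            url = urlsplit(f.get("dest", ""))
            if url.scheme == "file":
                findings.append(("outbound_file_scheme", user, i))
            elif url.hostname not in ALLOWED_OUTBOUND_HOSTS:
                findings.append(("outbound_unexpected_host", user, i))
    return findings


if __name__ == "__main__":
    for rule, user, idx in detect(SAMPLE_LOGS):
        print(f"{rule:26s} user={user:6s} line={idx}")
```

The outbound rule is the one that catches a successful exfiltration even when the upload itself was not logged, so if only one indicator can be wired into the SIEM, prefer that one over the DOCTYPE string match.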