CVEbaza.plSłownik CWECWE-316
Common Weakness Enumeration

CWE-316

Cleartext Storage of Sensitive Information in Memory

Kategoria: VariantCVE: 36
Opis

Produkt przechowuje wrażliwe informacje w tekście jawnym w pamięci. Stanowi to zagrożenie bezpieczeństwa, ponieważ dane mogą być odczytane przez nieautoryzowane procesy lub osoby.

Description (EN)

The product stores sensitive information in cleartext in memory.

Podatności CVE z CWE-316 (36)
9.3
CVSS
CRITICAL
CVE-2025-52579

Produkty Emerson ValveLink przechowują wrażliwe informacje w pamięci operacyjnej w postaci niezaszyfrowanego tekstu (cleartext). Stanowi to poważne zagrożenie, ponieważ dane te mogą zostać ujawnione poprzez zapis na dysk, zrzut pamięci (core dump) lub pozostać dostępne po awarii aplikacji.

pub. 2025-07-11
9.0
CVSS
HIGH
CVE-2014-2366

upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.

pub. 2014-07-19
8.5
CVSS
HIGH
CVE-2025-50109

Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.

pub. 2025-07-11
8.2
CVSS
HIGH
CVE-2024-36792

An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin.

pub. 2024-06-07
8.1
CVSS
HIGH
CVE-2022-0835

AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.

pub. 2022-04-11
7.5
CVSS
HIGH
CVE-2023-44153

Sensitive information disclosure due to cleartext storage of sensitive information in memory. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.

pub. 2023-09-27
7.3
CVSS
HIGH
CVE-2023-40724

A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are found in memory as plaintext. An attacker could perform a memory dump, and get access to credentials, and use it for impersonation.

pub. 2023-09-12
6.7
CVSS
MEDIUM
CVE-2024-25649

In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies.

pub. 2024-03-14
6.6
CVSS
MEDIUM
CVE-2021-32942

The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.

pub. 2021-06-09
6.5
CVSS
MEDIUM
CVE-2025-60794

Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access techniques, potentially leading to session hijacking.

pub. 2025-11-20
6.5
CVSS
MEDIUM
CVE-2024-33900

KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.

pub. 2024-05-20
6.5
CVSS
MEDIUM
CVE-2024-33901

Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.

pub. 2024-05-20
6.2
CVSS
MEDIUM
CVE-2025-60791

Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the process/memory dump and then they can be used to activate the software on the same machine without purchasing.

pub. 2025-10-27
6.1
CVSS
MEDIUM
CVE-2024-24915

Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them.

pub. 2025-06-29
6.0
CVSS
MEDIUM
CVE-2026-0857

Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.

pub. 2026-05-20
6.0
CVSS
MEDIUM
CVE-2021-23182

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30.

pub. 2021-06-11
6.0
CVSS
MEDIUM
CVE-2021-23211

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3).

pub. 2021-06-11
5.8
CVSS
MEDIUM
CVE-2026-24319

In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability.

pub. 2026-02-10
5.7
CVSS
MEDIUM
CVE-2025-9970

Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21.

pub. 2025-10-08
5.5
CVSS
MEDIUM
CVE-2026-8636

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database.

pub. 2026-06-22
Pokazano 20 z 36 podatności
Informacje
ID: CWE-316
Typ: Variant
Podatności: 36
MITRE CWE ↗
← Słownik CWE