Cleartext Storage of Sensitive Information in Memory

CVE-2019-3733

Medium

4.9/10

Summary

RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-316 - Cleartext Storage of Sensitive Information in Memory

The application stores sensitive information in cleartext in memory.

References

Advisory Timeline

Published Sep 30, 2019

Cleartext Storage of Sensitive Information in Memory

CVE-2019-3733

Summary

CWE-316 - Cleartext Storage of Sensitive Information in Memory

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS