Common Weakness Enumeration

CWE-316

Allowed

Cleartext Storage of Sensitive Information in Memory

Abstraction: Variant · Status: Draft

The product stores sensitive information in cleartext in memory.

62 vulnerabilities reference this CWE, most recent first.

GHSA-XFPJ-Q55P-7H2M

Vulnerability from github – Published: 2026-06-22 18:34 – Updated: 2026-06-26 21:32
VLAI
Details

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8636"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-316"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-22T16:16:42Z",
    "severity": "MODERATE"
  },
  "details": "IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can\u00a0use the same keys to decrypt password, gain access to the application and access sensitive\u00a0data in the database.",
  "id": "GHSA-xfpj-q55p-7h2m",
  "modified": "2026-06-26T21:32:06Z",
  "published": "2026-06-22T18:34:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8636"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7276609"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHHP-64QQ-P9X5

Vulnerability from github – Published: 2024-09-10 15:31 – Updated: 2024-09-10 15:31
VLAI
Details

A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35282"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-316"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T15:15:16Z",
    "severity": "MODERATE"
  },
  "details": "A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump.",
  "id": "GHSA-xhhp-64qq-p9x5",
  "modified": "2024-09-10T15:31:05Z",
  "published": "2024-09-10T15:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35282"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-139"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.