CWE-316
AllowedCleartext Storage of Sensitive Information in Memory
Abstraction: Variant · Status: Draft
The product stores sensitive information in cleartext in memory.
62 vulnerabilities reference this CWE, most recent first.
GHSA-XFPJ-Q55P-7H2M
Vulnerability from github – Published: 2026-06-22 18:34 – Updated: 2026-06-26 21:32IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database.
{
"affected": [],
"aliases": [
"CVE-2026-8636"
],
"database_specific": {
"cwe_ids": [
"CWE-316"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-22T16:16:42Z",
"severity": "MODERATE"
},
"details": "IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can\u00a0use the same keys to decrypt password, gain access to the application and access sensitive\u00a0data in the database.",
"id": "GHSA-xfpj-q55p-7h2m",
"modified": "2026-06-26T21:32:06Z",
"published": "2026-06-22T18:34:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8636"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7276609"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XHHP-64QQ-P9X5
Vulnerability from github – Published: 2024-09-10 15:31 – Updated: 2024-09-10 15:31A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump.
{
"affected": [],
"aliases": [
"CVE-2024-35282"
],
"database_specific": {
"cwe_ids": [
"CWE-312",
"CWE-316"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T15:15:16Z",
"severity": "MODERATE"
},
"details": "A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump.",
"id": "GHSA-xhhp-64qq-p9x5",
"modified": "2024-09-10T15:31:05Z",
"published": "2024-09-10T15:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35282"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-139"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.