CWE-316 (Cleartext Storage of Sensitive Information in Memory) — Vulnerability Class 27

27 vulnerabilities classified as CWE-316 (Cleartext Storage of Sensitive Information in Memory). AI Chinese analysis included.

CWE-316 represents a critical data exposure weakness where applications retain sensitive information in plaintext within volatile memory rather than encrypting or securely obfuscating it. This vulnerability is typically exploited by attackers with local system access who can analyze core dumps, swap files, or memory snapshots to retrieve unencrypted credentials, session tokens, or personal data left behind after processing. Even if the application crashes or the memory is deallocated without explicit zeroing, residual data often persists in swap space or physical memory pages. To mitigate this risk, developers must implement rigorous memory management practices, such as explicitly overwriting sensitive buffers with zeros before freeing them, utilizing secure memory allocation libraries that prevent swapping, and ensuring that sensitive data is never logged or written to disk in its original form.

MITRE CWE Description
The product stores sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it. It could be argued that such problems are usually only exploitable by those with administrator privileges. However, swapping could cause the memory to be written to disk and leave it accessible to physical attack afterwards. Core dump files might have insecure permissions or be stored in archive files that are accessible to untrusted people. Or, uncleared sensitive memory might be inadvertently exposed to attackers due to another weakness.
Common Consequences (1)
Confidentiality: Read Memory
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24319 | Information Disclosure Vulnerability in SAP Business One (B1 Client Memory Dump Files) — SAP Business One (B1 Client Memory Dump Files) | 5.8 | Medium | 2026-02-10 |
| CVE-2025-61713 | Fortinet FortiPAM Security Vulnerability — FortiPAM | 3.8 | Medium | 2025-11-18 |
| CVE-2025-4618 | Prisma Browser: Sensitive Information Disclosure Vulnerability in Prisma Browser — Prisma Browser | 5.5 | - | 2025-11-14 |
| CVE-2025-42888 | Information Disclosure vulnerability in SAP GUI for Windows — SAP GUI for Windows | 5.5 | Medium | 2025-11-11 |
| CVE-2025-9970 | Application credential stored in clear text in memory — MConfig | 7.4 | High | 2025-10-08 |
| CVE-2025-50109 | Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory — ValveLink SOLO | 7.7 | High | 2025-07-10 |
| CVE-2025-52579 | Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory — ValveLink SOLO | 9.4 | Critical | 2025-07-10 |
| CVE-2024-24915 | SmartConsole Sensitive Credential Exposure via Memory Dump — Check Point SmartConsole | 6.1 | Medium | 2025-06-29 |
| CVE-2025-48930 | TeleMessage Security Vulnerability — service | 2.8 | Low | 2025-05-28 |
| CVE-2024-49800 | IBM ApplinX Information Disclosure — ApplinX | 4.3 | Medium | 2025-02-05 |
| CVE-2024-9203 | Enpass Password Manager sensitive information in memory — Password Manager | 2.5 | Low | 2024-09-26 |
| CVE-2024-35282 | Fortinet FortiClient Security Vulnerability — FortiClientiOS | 3.9 | Medium | 2024-09-10 |
| CVE-2024-39732 | IBM Datacap Navigator information disclosure — Datacap Navigator | 4.1 | Medium | 2024-07-14 |
| CVE-2023-23349 | Kaspersky Password Manager Security Vulnerability — Kaspersky Password Manager for Windows | 2.2 | Low | 2024-03-22 |
| CVE-2022-46141 | Siemens SIMATIC STEP Security Vulnerability — SIMATIC STEP 7 (TIA Portal) | 4.2 | Medium | 2023-12-12 |
| CVE-2023-44153 | Acronis Cyber Protect Security Vulnerability — Acronis Cyber Protect 15 | 7.5 | - | 2023-09-27 |
| CVE-2023-40724 | Siemens QMS Automotive Security Vulnerability — QMS Automotive | 7.3 | High | 2023-09-12 |
| CVE-2023-3762 | Intergard SGS sensitive information in memory — SGS | 4.3 | Medium | 2023-07-19 |
| CVE-2022-29832 | Mitsubishi Electric GX Works3 Security Vulnerability — GX Works3 | 3.7 | Low | 2022-11-24 |
| CVE-2022-33918 | Dell GeoDrive Security Vulnerability — GeoDrive | 5.5 | Medium | 2022-10-12 |
| CVE-2022-0835 | AVEVA System Platform Cleartext Storage of Sensitive Information in Memory — AVEVA System Platform | 8.1 | High | 2022-04-11 |
| CVE-2021-31989 | AXIS Device Manager Security Vulnerability — AXIS Device Manager | 4.7 | - | 2021-08-25 |
| CVE-2021-23211 | Gallagher Command Centre Server Security Vulnerability — Command Centre | 6.0 | Medium | 2021-06-11 |
| CVE-2021-23182 | Gallagher Command Centre Server Cryptographic Issue Vulnerability — Command Centre | 6.0 | Medium | 2021-06-11 |
| CVE-2021-32942 | InTouch Information Disclosure Vulnerability — InTouch | 6.6 | Medium | 2021-06-09 |
| CVE-2019-3733 | Dell RSA BSAFE Crypto-C Micro Edition Information Disclosure Vulnerability — RSA BSAFE Crypto-C Micro Edition | 4.9 | - | 2019-09-30 |
| CVE-2014-2366 | Advantech WebAccess Cleartext Storage of Sensitive Information in Memory — WebAccess | 6.5 | - | 2014-07-19 |

27 CVEs are classified as CWE-316 (Cleartext Storage of Sensitive Information in Memory). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.