CVE-2024-9203

CVSS v3 2.5 LOW
CVSS v2.0 1.0 LOW

2.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.0^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:H/Au:S/C:P/I:N/A:N

Exploitability : 1.5 / Impact : 2.9

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

A

vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 6.10.1 is able to address this issue. It is recommended to upgrade the affected component.

References

Link	Resource
https://vuldb.com/?ctiid.278561
https://vuldb.com/?id.278561
https://vuldb.com/?submit.411207
https://www.enpass.io/release-notes/windows-10-desktop/

Configurations

No configuration.

History

30 Sep 2024, 12:46

Type	Values Removed	Values Added
Summary		(es) Se ha descubierto una vulnerabilidad clasificada como problemática en Enpass Password Manager hasta la versión 6.9.5 en Windows. Este problema afecta a algunos procesos desconocidos. La manipulación provoca el almacenamiento en texto plano de información confidencial en la memoria. Un ataque debe abordarse localmente. La complejidad de un ataque es bastante alta. Se sabe que la explotación es difícil. La actualización a la versión 6.10.1 puede solucionar este problema. Se recomienda actualizar el componente afectado.

26 Sep 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-26 17:15

Updated : 2024-09-30 12:46

NVD link : CVE-2024-9203

Mitre link : CVE-2024-9203

CVE.ORG link : CVE-2024-9203

JSON object : View

Products Affected

No product.

CWE

CWE-316

Cleartext Storage of Sensitive Information in Memory

{"id": "CVE-2024-9203", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 1.0, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 1.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.5, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.0}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 2.0, "automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-26T17:15:04.593", "references": [{"url": "https://vuldb.com/?ctiid.278561", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.278561", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.411207", "source": "[email protected]"}, {"url": "https://www.enpass.io/release-notes/windows-10-desktop/", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-316"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 6.10.1 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad clasificada como problem\u00e1tica en Enpass Password Manager hasta la versi\u00f3n 6.9.5 en Windows. Este problema afecta a algunos procesos desconocidos. La manipulaci\u00f3n provoca el almacenamiento en texto plano de informaci\u00f3n confidencial en la memoria. Un ataque debe abordarse localmente. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. La actualizaci\u00f3n a la versi\u00f3n 6.10.1 puede solucionar este problema. Se recomienda actualizar el componente afectado."}], "lastModified": "2024-09-30T12:46:20.237", "sourceIdentifier": "[email protected]"}