2018-08-31 20:29:00 2020-10-21 00:15:00

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.