Severity by source
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component.
This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020.
AnalysisAI
Cleartext storage of sensitive information in memory (CWE-316) affects both the Meona Client Launcher Component and the Meona Server Component from Mesalvo, exposing confidential data to local privileged attackers. The CVSS vector (AV:L/PR:H/S:C/C:H) indicates that a locally authenticated administrator can read sensitive material - likely credentials or session tokens - directly from process memory, with the changed scope suggesting this exposure can cascade to resources or components beyond the initially compromised process. No public exploit code has been identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.
Technical ContextAI
CWE-316 describes a class of flaw where an application retains sensitive data - such as passwords, cryptographic keys, or authentication tokens - in process memory in plaintext form rather than applying secure memory handling (e.g., zeroing buffers post-use, using protected memory regions, or encrypting in-memory secrets). The affected products are identified by CPE strings cpe:2.3:a:mesalvo:meona_client_launcher_component and cpe:2.3:a:mesalvo:meona_server_component, covering a healthcare or clinical workflow platform (Meona) developed by Mesalvo. The local attack vector (AV:L) means exploitation requires the attacker to be executing code on the same host, while the changed scope (S:C) in the CVSS vector suggests that the sensitive material held in memory, once read, grants leverage over additional systems or components - consistent with credential exposure enabling lateral movement.
RemediationAI
The primary remediation is to upgrade both affected components beyond the confirmed vulnerable version boundaries - Meona Client Launcher Component beyond the 19.06.2020 15:11:49 build and Meona Server Component beyond 2025.04 5+323020 - once a vendor-released patched version is confirmed. Based on current data, a patch is available per the vendor advisory referenced at https://seccore.at/blog/cves-meona/, but an exact fixed version number was not independently confirmed in the available intelligence; organizations should contact Mesalvo directly to obtain the specific remediated release. As a compensating control where upgrading is not immediately feasible, restrict local administrative access to hosts running Meona components using role-based access controls and privileged access workstations - this directly addresses the PR:H precondition. Additionally, deploy memory-scanning or endpoint detection tooling capable of flagging unexpected process memory reads on sensitive services. Note that restricting admin access may impact legitimate operational workflows and should be coordinated with system owners.
Code injection in Mesalvo Meona Client Launcher Component (through 19.06.2020 15:11:49) and Meona Server Component (thro
Privilege escalation in Mesalvo Meona Client Launcher and Server components allows a low-privileged authenticated user t
Privilege misassignment in Mesalvo Meona Client Launcher and Server components allows authenticated high-privilege users
Mesalvo Meona's Client Launcher and Server components fail to verify data authenticity (CWE-345), enabling a locally aut
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31091
GHSA-49qv-652v-577v