CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3334 – USB Security Feature Bypass in Digital Guardian Windows Agent Prior to version 8.2.0
https://notcve.org/view.php?id=CVE-2024-3334
A security bypass vulnerability exists in the Removable Media Encryption (RME)component of Digital Guardian Windows Agents prior to version 8.2.0. This allows a user to circumvent encryption controls by modifying metadata on the USB device thereby compromising the confidentiality of the stored data. • https://support.fortra.com/endpoint-dlp/kb-articles/dg-support-notice-security-bypass-vulnerability-with-rme-MTQwYTM5NTctZDk4Ny1lZjExLWFjMjEtNjA0NWJkMDFhMzQ3 https://www.fortra.com/security/advisories/product-security/fi-2024-013 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 3CVE-2023-6253 – Saved Uninstall Key in Digital Guardian Agent Uninstaller
https://notcve.org/view.php?id=CVE-2023-6253
A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file. Una clave de cifrado guardada en el desinstalador Digital Guardian Agent anterior a la versión 7.9.4 permite a un atacante local recuperar la clave de desinstalación y eliminar el software extrayendo la clave de desinstalación de la memoria del archivo de desinstalación. The uninstaller in Fortra Digital Guardian Agent versions prior to 7.9.4 suffers from a cross site scripting vulnerability. Additionally, the Agent Uninstaller handles sensitive data insecurely and caches the Uninstall key in memory. This key can be used to stop or uninstall the application. • http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html http://seclists.org/fulldisclosure/2023/Nov/14 https://r.sec-consult.com/fortra https://www.fortra.com/security • CWE-922: Insecure Storage of Sensitive Information •