CVE-2019-19362
CVE-2019-19362 is a medium-severity vulnerability in Teamviewer with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-212.
Key facts
- Severity: Medium (CVSS 3.x base score 6.5)
- CVSS v2: 4.0
- EPSS exploit prediction: 2% (79th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-212
- Affected product: Teamviewer
- Published:
- Last modified:
Description
An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges.
Frequently asked questions
- What is CVE-2019-19362?
- An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges.
- How severe is CVE-2019-19362?
- CVE-2019-19362 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2019-19362 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (79th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2019-19362?
- CVE-2019-19362 affects Teamviewer. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2019-19362?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2019-19362 published?
- CVE-2019-19362 was published on 2019-12-02 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:teamviewer:teamviewer:14.3.4730:*:*:*:*:*:*:*
More vulnerabilities in Teamviewer
- CVE-2018-16550 — Critical (CVSS 9.8): TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by…
- CVE-2010-3128 — Critical (CVSS 9.3): Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote…
- CVE-2021-34859 — High (CVSS 8.8): This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0.…
- CVE-2020-13699 — High (CVSS 8.8): TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could…
- CVE-2019-18251 — High (CVSS 8.8): In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS.…
- CVE-2018-14333 — High (CVSS 8.1): TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88]…
All CVEs affecting Teamviewer →
Other CWE-212 vulnerabilities
- CVE-2022-2818 — Critical (CVSS 9.8): Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to…
- CVE-2020-11684 — Critical (CVSS 9.1): AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control…
- CVE-2026-39937 — High (CVSS 8.8): Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation…
- CVE-2022-30617 — High (CVSS 8.8): An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and…
- CVE-2022-0355 — High (CVSS 8.8): Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1.
- CVE-2021-0340 — High (CVSS 8.8): In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input…