Local Disclosure of Sensitive Information Vulnerability in HPE NonStop Safeguard and NonStop Standard Security Software

Local Disclosure of Sensitive Information Vulnerability in HPE NonStop Safeguard and NonStop Standard Security Software

CVE-2018-7119 · LOW Severity

AV:L/AC:M/AU:N/C:P/I:N/A:N

A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard earlier than version SPR T9750L01^AIC or T9750H05^AIH, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND; all versions on H-series. STDSEC-STANDARD SECURITY PROD All prior versions before T6533L01^ADU or T6533H05^ADW, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND and all versions on H-series . Note that some commands in NonStop Safeguard and NonStop Standard Security software require username and password to be passed as command line parameters, which may lead to a local disclosure of the credentials.

Learn more about our User Device Pen Test.