CVE-2018-7119

Published May 10, 2019

Last updated 5 years ago

CVSS high 7.0

Overview

Description: A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard earlier than version SPR T9750L01^AIC or T9750H05^AIH, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND; all versions on H-series. STDSEC-STANDARD SECURITY PROD All prior versions before T6533L01^ADU or T6533H05^ADW, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND and all versions on H-series . Note that some commands in NonStop Safeguard and NonStop Standard Security software require username and password to be passed as command line parameters, which may lead to a local disclosure of the credentials.
Source: security-alert@hpe.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7
Impact score: 5.9
Exploitability score: 1
Vector string: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 1.9
Impact score: 2.9
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hp:nonstop_safeguard_h_series:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1334495B-CBA5-41A3-A3C6-235BB7388F77"
          },
          {
            "criteria": "cpe:2.3:a:hp:nonstop_safeguard_j_series:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF4F15A0-4ADC-48C5-9C0A-4F5E443B47C4",
            "versionEndExcluding": "t9750h05\\^aih"
          },
          {
            "criteria": "cpe:2.3:a:hp:nonstop_safeguard_l_series:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "603491A6-2BB5-4A08-B819-4FF4F8A2693A",
            "versionEndExcluding": "t9750l01\\^aic"
          },
          {
            "criteria": "cpe:2.3:a:hp:nonstop_standard_security_h_series:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "774EFC8D-2B4C-49A5-9885-C39009B213E1"
          },
          {
            "criteria": "cpe:2.3:a:hp:nonstop_standard_security_j_series:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08168B55-1A1A-49F3-83E7-D6BAFFF413B3",
            "versionEndIncluding": "t6533h05\\^adw"
          },
          {
            "criteria": "cpe:2.3:a:hp:nonstop_standard_security_l_series:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85B60218-AAAB-4A6C-A1DF-0754505EA142",
            "versionEndExcluding": "t6533l01\\^adu"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References