CVE-2018-7119

Severity Score

7.0

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard earlier than version SPR T9750L01^AIC or T9750H05^AIH, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND; all versions on H-series. STDSEC-STANDARD SECURITY PROD All prior versions before T6533L01^ADU or T6533H05^ADW, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND and all versions on H-series . Note that some commands in NonStop Safeguard and NonStop Standard Security software require username and password to be passed as command line parameters, which may lead to a local disclosure of the credentials.

Se identificó una vulnerabilidad de Revelación de información local sensible en HPE NonStop Safeguard, versión anterior a SPR T9750L01^AIC o T9750H05^AIH, y en versiones posteriores cuando el atributo de configuración PASSWORD-PROMPT no está configurado en BLIND; todas las versiones en H-series. STDSEC-STANDARD SECURITY PROD Todas las versiones anteriores a T6533L01^ADU o T6533H05^ADW, y las versiones posteriores cuando el atributo de configuración PASSWORD-PROMPT no está configurado en BLIND y todas las versiones de la serie H . Tenga en cuenta que algunos comandos del software NonStop Safeguard y NonStop Standard Security requieren que el nombre de usuario y la contraseña se pasen como parámetros de línea de comandos, lo que puede causar una divulgación local de las credenciales.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-02-15 CVE Reserved
2019-05-10 CVE Published
2023-03-08 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03910en_us	2020-08-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hp Search vendor "Hp"		Nonstop Safeguard H Series Search vendor "Hp" for product "Nonstop Safeguard H Series"				*		-		Affected
Hp Search vendor "Hp"		Nonstop Safeguard J Series Search vendor "Hp" for product "Nonstop Safeguard J Series"				< t9750h05\^aih Search vendor "Hp" for product "Nonstop Safeguard J Series" and version " < t9750h05\^aih"		-		Affected
Hp Search vendor "Hp"		Nonstop Safeguard L Series Search vendor "Hp" for product "Nonstop Safeguard L Series"				< t9750l01\^aic Search vendor "Hp" for product "Nonstop Safeguard L Series" and version " < t9750l01\^aic"		-		Affected
Hp Search vendor "Hp"		Nonstop Standard Security H Series Search vendor "Hp" for product "Nonstop Standard Security H Series"				*		-		Affected
Hp Search vendor "Hp"		Nonstop Standard Security J Series Search vendor "Hp" for product "Nonstop Standard Security J Series"				<= t6533h05\^adw Search vendor "Hp" for product "Nonstop Standard Security J Series" and version " <= t6533h05\^adw"		-		Affected
Hp Search vendor "Hp"		Nonstop Standard Security L Series Search vendor "Hp" for product "Nonstop Standard Security L Series"				< t6533l01\^adu Search vendor "Hp" for product "Nonstop Standard Security L Series" and version " < t6533l01\^adu"		-		Affected