PT-2019-11084 · Hewlett Packard · HPE NonStop Safeguard, HPE NonStop Standard Security

Published: 2019-05-10 · Updated: 2020-08-24 · CVE-2018-7119

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
HPE NonStop Safeguard versions earlier than SPR T9750L01^AIC or T9750H05^AIH.
HPE NonStop Standard Security versions prior to T6533L01^ADU or T6533H05^ADW.
All versions of HPE NonStop Safeguard and HPE NonStop Standard Security on H-series when the PASSWORD-PROMPT configuration attribute is not set to BLIND.
Description: A Local Disclosure of Sensitive Information issue was identified, which may lead to the exposure of sensitive credentials. Some commands in the affected software require the username and password to be passed as command line parameters, potentially disclosing the credentials locally.
Recommendations: For HPE NonStop Safeguard versions earlier than SPR T9750L01^AIC or T9750H05^AIH, update to a version that includes the fix. For HPE NonStop Standard Security versions prior to T6533L01^ADU or T6533H05^ADW, update to a version that includes the fix. For all versions on H-series, set the PASSWORD-PROMPT configuration attribute to BLIND to mitigate the issue. As a temporary workaround, consider avoiding the use of commands that require username and password as command line parameters until a patch is available.

Fix

Related Identifiers

CVE-2018-7119

Affected Products

HPE NonStop Safeguard
HPE NonStop Standard Security