[security bulletin] HPESBHF03738 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v
dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp
cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj
L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzM4ZW5fdXMN
Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j
dW1lbnQgSUQ6IGhwZXNiaGYwMzczOGVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw
MzczOCByZXYuMSAtIEhQRSBJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENlbnRlciAoaU1D
KSBQTEFULCBSZW1vdGUNCkNvZGUgRXhlY3V0aW9uDQoNCk5PVElDRTogVGhlIGluZm9y
bWF0aW9uIGluIHRoaXMgU2VjdXJpdHkgQnVsbGV0aW4gc2hvdWxkIGJlIGFjdGVkIHVw
b24gYXMNCnNvb24gYXMgcG9zc2libGUuDQoNClJlbGVhc2UgRGF0ZTogMjAxNy0wNC0y
Nw0KTGFzdCBVcGRhdGVkOiAyMDE3LTA0LTI3DQoNClBvdGVudGlhbCBTZWN1cml0eSBJ
bXBhY3Q6IFJlbW90ZTogQ29kZSBFeGVjdXRpb24NCg0KU291cmNlOiBIZXdsZXR0IFBh
Y2thcmQgRW50ZXJwcmlzZSwgUHJvZHVjdCBTZWN1cml0eSBSZXNwb25zZSBUZWFtDQoN
ClZVTE5FUkFCSUxJVFkgU1VNTUFSWQ0KUG90ZW50aWFsIHNlY3VyaXR5IHZ1bG5lcmFi
aWxpdGllcyBoYXZlIGJlZW4gaWRlbnRpZmllZCBpbiBIUEUgSW50ZWxsaWdlbnQNCk1h
bmFnZW1lbnQgQ2VudGVyIChpTUMpIFBMQVQuIFRoZXNlIHZ1bG5lcmFiaWxpdGllcyBj
b3VsZCBiZSBleHBsb2l0ZWQNCnJlbW90ZWx5IHRvIGFsbG93IGNvZGUgZXhlY3V0aW9u
Lg0KDQpSZWZlcmVuY2VzOg0KDQogIC0gQ1ZFLTIwMTctNTgwNCAtIFpESS1DQU4tNDUw
Nw0KICAtIENWRS0yMDE3LTU4MDUgLSBaREktQ0FOLTQ1MzkNCiAgLSBDVkUtMjAxNy01
ODA2IC0gWkRJLUNBTi00NTM4DQoNClNVUFBPUlRFRCBTT0ZUV0FSRSBWRVJTSU9OUyo6
IE9OTFkgaW1wYWN0ZWQgdmVyc2lvbnMgYXJlIGxpc3RlZC4NCg0KICAtIEhQRSBJbnRl
bGxpZ2VudCBNYW5hZ2VtZW50IENlbnRlciAoaU1DKSA3LjINCg0KQkFDS0dST1VORA0K
DQogIENWU1MgQmFzZSBNZXRyaWNzDQogID09PT09PT09PT09PT09PT09DQogIFJlZmVy
ZW5jZSwgQ1ZTUyBWMyBTY29yZS9WZWN0b3IsIENWU1MgVjIgU2NvcmUvVmVjdG9yDQoN
CiAgICBDVkUtMjAxNy01ODA0DQogICAgICA5LjggQ1ZTUzozLjAvQVY6Ti9BQzpML1BS
Ok4vVUk6Ti9TOlUvQzpIL0k6SC9BOkgNCiAgICAgIDEwLjAgKEFWOk4vQUM6TC9BdTpO
L0M6Qy9JOkMvQTpDKQ0KDQogICAgQ1ZFLTIwMTctNTgwNQ0KICAgICAgOS44IENWU1M6
My4wL0FWOk4vQUM6TC9QUjpOL1VJOk4vUzpVL0M6SC9JOkgvQTpIDQogICAgICAxMC4w
IChBVjpOL0FDOkwvQXU6Ti9DOkMvSTpDL0E6QykNCg0KICAgIENWRS0yMDE3LTU4MDYN
CiAgICAgIDkuOCBDVlNTOjMuMC9BVjpOL0FDOkwvUFI6Ti9VSTpOL1M6VS9DOkgvSTpI
L0E6SA0KICAgICAgMTAuMCAoQVY6Ti9BQzpML0F1Ok4vQzpDL0k6Qy9BOkMpDQoNCiAg
ICBJbmZvcm1hdGlvbiBvbiBDVlNTIGlzIGRvY3VtZW50ZWQgaW4NCiAgICBIUEUgQ3Vz
dG9tZXIgTm90aWNlIEhQU04tMjAwOC0wMDIgaGVyZToNCg0KaHR0cHM6Ly9oMjA1NjQu
d3d3Mi5ocGUuY29tL2hwc2MvZG9jL3B1YmxpYy9kaXNwbGF5P2RvY0lkPWVtcl9uYS1j
MDEzNDU0OTkNCg0KSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2Ugd291bGQgbGlrZSB0
byB0aGFuayBUcmVuZCBNaWNybydzIFplcm8gRGF5DQpJbml0aWF0aXZlIGZvciByZXBv
cnRpbmcgdGhpcyB2dWxuZXJhYmlsaXR5Lg0KDQpSRVNPTFVUSU9ODQoNCkhQRSBoYXMg
cHJvdmlkZWQgdGhlIGZvbGxvd2luZyBzb2Z0d2FyZSB1cGRhdGVzIHRvIHJlc29sdmUg
dGhlDQp2dWxuZXJhYmlsaXRpZXMgaW4gSW50ZWxsaWdlbnQgTWFuYWdlbWVudCBDZW50
ZXIgKGlNQykgUExBVDoNCg0KRml4ZWQgaW4gSFBFIEludGVsbGlnZW50IE1hbmFnZW1l
bnQgQ2VudGVyIChpTUMpIFBMQVQgRTA1MDQuDQoNClBsZWFzZSBjb250YWN0IEhQRSBU
ZWNobmljYWwgU3VwcG9ydCBpZiBhbnkgYXNzaXN0YW5jZSBpcyBuZWVkZWQgYWNxdWly
aW5nDQp0aGUgc29mdHdhcmUgdXBkYXRlcy4NCg0KSElTVE9SWQ0KVmVyc2lvbjoxIChy
ZXYuMSkgLSAyNyBBcHJpbCAyMDE3IEluaXRpYWwgcmVsZWFzZQ0KDQpUaGlyZCBQYXJ0
eSBTZWN1cml0eSBQYXRjaGVzOiBUaGlyZCBwYXJ0eSBzZWN1cml0eSBwYXRjaGVzIHRo
YXQgYXJlIHRvIGJlDQppbnN0YWxsZWQgb24gc3lzdGVtcyBydW5uaW5nIEhld2xldHQg
UGFja2FyZCBFbnRlcnByaXNlIChIUEUpIHNvZnR3YXJlDQpwcm9kdWN0cyBzaG91bGQg
YmUgYXBwbGllZCBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIGN1c3RvbWVyJ3MgcGF0Y2gg
bWFuYWdlbWVudA0KcG9saWN5Lg0KDQpTdXBwb3J0OiBGb3IgaXNzdWVzIGFib3V0IGlt
cGxlbWVudGluZyB0aGUgcmVjb21tZW5kYXRpb25zIG9mIHRoaXMgU2VjdXJpdHkNCkJ1
bGxldGluLCBjb250YWN0IG5vcm1hbCBIUEUgU2VydmljZXMgc3VwcG9ydCBjaGFubmVs
LiBGb3Igb3RoZXIgaXNzdWVzIGFib3V0DQp0aGUgY29udGVudCBvZiB0aGlzIFNlY3Vy
aXR5IEJ1bGxldGluLCBzZW5kIGUtbWFpbCB0byBzZWN1cml0eS1hbGVydEBocGUuY29t
Lg0KDQpSZXBvcnQ6IFRvIHJlcG9ydCBhIHBvdGVudGlhbCBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IGZvciBhbnkgSFBFIHN1cHBvcnRlZA0KcHJvZHVjdDoNCiAgV2ViIGZvcm06
IGh0dHBzOi8vd3d3LmhwZS5jb20vaW5mby9yZXBvcnQtc2VjdXJpdHktdnVsbmVyYWJp
bGl0eQ0KICBFbWFpbDogc2VjdXJpdHktYWxlcnRAaHBlLmNvbQ0KDQpTdWJzY3JpYmU6
IFRvIGluaXRpYXRlIGEgc3Vic2NyaXB0aW9uIHRvIHJlY2VpdmUgZnV0dXJlIEhQRSBT
ZWN1cml0eSBCdWxsZXRpbg0KYWxlcnRzIHZpYSBFbWFpbDogaHR0cDovL3d3dy5ocGUu
Y29tL3N1cHBvcnQvU3Vic2NyaWJlcl9DaG9pY2UNCg0KU2VjdXJpdHkgQnVsbGV0aW4g
QXJjaGl2ZTogQSBsaXN0IG9mIHJlY2VudGx5IHJlbGVhc2VkIFNlY3VyaXR5IEJ1bGxl
dGlucyBpcw0KYXZhaWxhYmxlIGhlcmU6IGh0dHA6Ly93d3cuaHBlLmNvbS9zdXBwb3J0
L1NlY3VyaXR5X0J1bGxldGluX0FyY2hpdmUNCg0KU29mdHdhcmUgUHJvZHVjdCBDYXRl
Z29yeTogVGhlIFNvZnR3YXJlIFByb2R1Y3QgQ2F0ZWdvcnkgaXMgcmVwcmVzZW50ZWQg
aW4NCnRoZSB0aXRsZSBieSB0aGUgdHdvIGNoYXJhY3RlcnMgZm9sbG93aW5nIEhQU0Iu
DQoNCjNDID0gM0NPTQ0KM1AgPSAzcmQgUGFydHkgU29mdHdhcmUNCkdOID0gSFBFIEdl
bmVyYWwgU29mdHdhcmUNCkhGID0gSFBFIEhhcmR3YXJlIGFuZCBGaXJtd2FyZQ0KTVUg
PSBNdWx0aS1QbGF0Zm9ybSBTb2Z0d2FyZQ0KTlMgPSBOb25TdG9wIFNlcnZlcnMNCk9W
ID0gT3BlblZNUw0KUFYgPSBQcm9DdXJ2ZQ0KU1QgPSBTdG9yYWdlIFNvZnR3YXJlDQpV
WCA9IEhQLVVYDQoNCkNvcHlyaWdodCAyMDE2IEhld2xldHQgUGFja2FyZCBFbnRlcnBy
aXNlDQoNCkhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlIHNoYWxsIG5vdCBiZSBsaWFi
bGUgZm9yIHRlY2huaWNhbCBvciBlZGl0b3JpYWwNCmVycm9ycyBvciBvbWlzc2lvbnMg
Y29udGFpbmVkIGhlcmVpbi4gVGhlIGluZm9ybWF0aW9uIHByb3ZpZGVkIGlzIHByb3Zp
ZGVkDQoiYXMgaXMiIHdpdGhvdXQgd2FycmFudHkgb2YgYW55IGtpbmQuIFRvIHRoZSBl
eHRlbnQgcGVybWl0dGVkIGJ5IGxhdywgbmVpdGhlcg0KSFAgb3IgaXRzIGFmZmlsaWF0
ZXMsIHN1YmNvbnRyYWN0b3JzIG9yIHN1cHBsaWVycyB3aWxsIGJlIGxpYWJsZSBmb3IN
CmluY2lkZW50YWwsc3BlY2lhbCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgaW5jbHVk
aW5nIGRvd250aW1lIGNvc3Q7IGxvc3QNCnByb2ZpdHM7IGRhbWFnZXMgcmVsYXRpbmcg
dG8gdGhlIHByb2N1cmVtZW50IG9mIHN1YnN0aXR1dGUgcHJvZHVjdHMgb3INCnNlcnZp
Y2VzOyBvciBkYW1hZ2VzIGZvciBsb3NzIG9mIGRhdGEsIG9yIHNvZnR3YXJlIHJlc3Rv
cmF0aW9uLiBUaGUNCmluZm9ybWF0aW9uIGluIHRoaXMgZG9jdW1lbnQgaXMgc3ViamVj
dCB0byBjaGFuZ2Ugd2l0aG91dCBub3RpY2UuIEhld2xldHQNClBhY2thcmQgRW50ZXJw
cmlzZSBhbmQgdGhlIG5hbWVzIG9mIEhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlIHBy
b2R1Y3RzDQpyZWZlcmVuY2VkIGhlcmVpbiBhcmUgdHJhZGVtYXJrcyBvZiBIZXdsZXR0
IFBhY2thcmQgRW50ZXJwcmlzZSBpbiB0aGUgVW5pdGVkDQpTdGF0ZXMgYW5kIG90aGVy
IGNvdW50cmllcy4gT3RoZXIgcHJvZHVjdCBhbmQgY29tcGFueSBuYW1lcyBtZW50aW9u
ZWQgaGVyZWluDQptYXkgYmUgdHJhZGVtYXJrcyBvZiB0aGVpciByZXNwZWN0aXZlIG93
bmVycy4NCi0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tClZlcnNpb246IEdudVBH
IHYxCgppUUVjQkFFQkNBQUdCUUpaQWttakFBb0pFTFhoQXh0N1NaYWlGL1lIK3dZejNx
bXlWU3NJRklMVU5FK21WZ1NOClBJSlpEWDA0RzlZYkpUeUlvREZ3eWlOZ3RQSWtkU1Z2
WWtja0NoZkxra2xyTUR3bUt1a0ZtK084VisvYTNjbC8KUjJaTUlGZ0pHY0V5WVZ2V1lj
WktkMURHUmVLT0gwdjhiajZ6eEJESkgrRGJpRDhsMGJKa283dHQ1UUxMZk12eQpSaHNI
Z1l0MitmYmE0MXYraTVIaG1ibzJjekZMRGpGcld3eUY4NzRwc0x6b1NHU3ZhUURhNGxJ
OTFhRW5vQWF3CkEydDBUM1NrM01jdW9JcW5MUXVJRHVzcnJpYUp4elJOR0RGMUtOZDlp
NWVjWW51OEVRUEEzNUJkbUk2Sm4wQ2UKZ0k1Znk3TFVoWDBPYXprMGo0TnNiZTJUZ1Y0
Q2pHVjZWN3NlOE05dE1sQkJmaUw2bmp4VUJsK3Z6dDdjeWxzPQo9dFlDeAotLS0tLUVO
RCBQR1AgU0lHTkFUVVJFLS0tLS0K