[security bulletin] HPESBHF03745 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v
dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp
cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj
L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzQ1ZW5fdXMN
Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j
dW1lbnQgSUQ6IGhwZXNiaGYwMzc0NWVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw
Mzc0NSByZXYuMSAtIEhQRSBJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENlbnRlciAoaU1D
KSBQTEFULCBSZW1vdGUNCkNvZGUgRXhlY3V0aW9uDQoNCk5PVElDRTogVGhlIGluZm9y
bWF0aW9uIGluIHRoaXMgU2VjdXJpdHkgQnVsbGV0aW4gc2hvdWxkIGJlIGFjdGVkIHVw
b24gYXMNCnNvb24gYXMgcG9zc2libGUuDQoNClJlbGVhc2UgRGF0ZTogMjAxNy0wNS0x
NA0KTGFzdCBVcGRhdGVkOiAyMDE3LTA1LTE0DQoNClBvdGVudGlhbCBTZWN1cml0eSBJ
bXBhY3Q6IFJlbW90ZTogQ29kZSBFeGVjdXRpb24NCg0KU291cmNlOiBIZXdsZXR0IFBh
Y2thcmQgRW50ZXJwcmlzZSwgUHJvZHVjdCBTZWN1cml0eSBSZXNwb25zZSBUZWFtDQoN
ClZVTE5FUkFCSUxJVFkgU1VNTUFSWQ0KUG90ZW50aWFsIHNlY3VyaXR5IHZ1bG5lcmFi
aWxpdGllcyBoYXZlIGJlZW4gaWRlbnRpZmllZCBpbiBIUEUgSW50ZWxsaWdlbnQNCk1h
bmFnZW1lbnQgQ2VudGVyIChpTUMpIFBMQVQuIFRoZSB2dWxuZXJhYmlsaXRpZXMgY291
bGQgYmUgZXhwbG9pdGVkIHJlbW90ZWx5DQp0byBhbGxvdyBleGVjdXRpb24gb2YgY29k
ZS4NCg0KUmVmZXJlbmNlczoNCg0KICAtIENWRS0yMDE3LTU4MTYNCiAgLSBDVkUtMjAx
Ny01ODE3DQogIC0gQ1ZFLTIwMTctNTgxOA0KICAtIENWRS0yMDE3LTU4MTkNCg0KU1VQ
UE9SVEVEIFNPRlRXQVJFIFZFUlNJT05TKjogT05MWSBpbXBhY3RlZCB2ZXJzaW9ucyBh
cmUgbGlzdGVkLg0KDQogIC0gSFAgSW50ZWxsaWdlbnQgTWFuYWdlbWVudCBDZW50ZXIg
KGlNQykgQWxsIHZlcnNpb24gcHJpb3IgdG8gSU1DIFBMQVQgNy4zDQpFMDUwNFAwNCAt
IFBsZWFzZSByZWZlciB0byB0aGUgUkVTT0xVVElPTiBiZWxvdyBmb3IgYSBsaXN0IG9m
IGltcGFjdGVkDQpwcm9kdWN0cy4gDQoNCkJBQ0tHUk9VTkQNCg0KICBDVlNTIEJhc2Ug
TWV0cmljcw0KICA9PT09PT09PT09PT09PT09PQ0KICBSZWZlcmVuY2UsIENWU1MgVjMg
U2NvcmUvVmVjdG9yLCBDVlNTIFYyIFNjb3JlL1ZlY3Rvcg0KDQogICAgQ1ZFLTIwMTct
NTgxNg0KICAgICAgOS44IENWU1M6My4wL0FWOk4vQUM6TC9QUjpOL1VJOk4vUzpVL0M6
SC9JOkgvQTpIDQogICAgICAxMC4wIChBVjpOL0FDOkwvQXU6Ti9DOkMvSTpDL0E6QykN
Cg0KICAgIENWRS0yMDE3LTU4MTcNCiAgICAgIDkuOCBDVlNTOjMuMC9BVjpOL0FDOkwv
UFI6Ti9VSTpOL1M6VS9DOkgvSTpIL0E6SA0KICAgICAgMTAuMCAoQVY6Ti9BQzpML0F1
Ok4vQzpDL0k6Qy9BOkMpDQoNCiAgICBDVkUtMjAxNy01ODE4DQogICAgICA3LjUgQ1ZT
UzozLjAvQVY6Ti9BQzpML1BSOk4vVUk6Ti9TOlUvQzpOL0k6Ti9BOkgNCiAgICAgIDcu
OCAoQVY6Ti9BQzpML0F1Ok4vQzpOL0k6Ti9BOkMpDQoNCiAgICBDVkUtMjAxNy01ODE5
DQogICAgICA5LjggQ1ZTUzozLjAvQVY6Ti9BQzpML1BSOk4vVUk6Ti9TOlUvQzpIL0k6
SC9BOkgNCiAgICAgIDEwLjAgKEFWOk4vQUM6TC9BdTpOL0M6Qy9JOkMvQTpDKQ0KDQog
ICAgSW5mb3JtYXRpb24gb24gQ1ZTUyBpcyBkb2N1bWVudGVkIGluDQogICAgSFBFIEN1
c3RvbWVyIE5vdGljZSBIUFNOLTIwMDgtMDAyIGhlcmU6DQoNCmh0dHBzOi8vaDIwNTY0
Lnd3dzIuaHBlLmNvbS9ocHNjL2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEt
YzAxMzQ1NDk5DQoNCkhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlIHRoYW5rcyBzenRp
dmkgZm9yIHdvcmtpbmcgd2l0aCBUcmVuZCBNaWNybydzIFplcm8NCkRheSBJbml0aWF0
aXZlIChaREkpIGZvciByZXBvcnRpbmcgdGhlc2UgdnVsbmVyYWJpbGl0aWVzIHRvDQpz
ZWN1cml0eS1hbGVydEBocGUuY29tDQoNClJFU09MVVRJT04NCg0KSFBFIGhhcyBtYWRl
IHRoZSBmb2xsb3dpbmcgc29mdHdhcmUgdXBkYXRlIGF2YWlsYWJsZSB0byByZXNvbHZl
IHRoZQ0KdnVsbmVyYWJpbGl0aWVzIGluIHRoZSBpTUMgUExBVCBuZXR3b3JrIHByb2R1
Y3RzIGxpc3RlZC4gDQoNCiAgKyAqKmlNQyBQTEFUIC0gVmVyc2lvbjogRml4ZWQgaW4g
SU1DIFBMQVQgNy4zIEUwNTA0UDA0KioNCiAgICAqIEhQIE5ldHdvcmsgUHJvZHVjdHMN
CiAgICAgIC0gSkQxMjVBICBIUCBJTUMgU3RkIFMvVyBQbGF0Zm9ybSB3LzEwMC1ub2Rl
DQogICAgICAtIEpEMTI2QSAgSFAgSU1DIEVudCBTL1cgUGxhdGZvcm0gdy8xMDAtbm9k
ZQ0KICAgICAgLSBKRDgwOEEgIEhQIElNQyBFbnQgUGxhdGZvcm0gdy8xMDAtbm9kZSBM
aWNlbnNlDQogICAgICAtIEpEODE0QSAgIEhQIEEtSU1DIEVudGVycHJpc2UgRWRpdGlv
biBTb2Z0d2FyZSBEVkQgTWVkaWENCiAgICAgIC0gSkQ4MTVBICBIUCBJTUMgU3RkIFBs
YXRmb3JtIHcvMTAwLW5vZGUgTGljZW5zZQ0KICAgICAgLSBKRDgxNkEgIEhQIEEtSU1D
IFN0YW5kYXJkIEVkaXRpb24gU29mdHdhcmUgRFZEIE1lZGlhDQogICAgICAtIEpGMjg4
QUFFICBIUCBOZXR3b3JrIERpcmVjdG9yIHRvIEludGVsbGlnZW50IE1hbmFnZW1lbnQg
Q2VudGVyDQpVcGdyYWRlIEUtTFRVDQogICAgICAtIEpGMjg5QUFFICBIUCBFbnRlcnBy
aXNlIE1hbmFnZW1lbnQgU3lzdGVtIHRvIEludGVsbGlnZW50IE1hbmFnZW1lbnQNCkNl
bnRlciBVcGdyYWRlIEUtTFRVDQogICAgICAtIEpGMzc3QSAgSFAgSU1DIFN0ZCBTL1cg
UGxhdGZvcm0gdy8xMDAtbm9kZSBMaWMNCiAgICAgIC0gSkYzNzdBQUUgIEhQIElNQyBT
dGQgUy9XIFBsdGZybSB3LzEwMC1ub2RlIEUtTFRVDQogICAgICAtIEpGMzc4QSAgSFAg
SU1DIEVudCBTL1cgUGxhdGZvcm0gdy8yMDAtbm9kZSBMaWMNCiAgICAgIC0gSkYzNzhB
QUUgIEhQIElNQyBFbnQgUy9XIFBsdGZybSB3LzIwMC1ub2RlIEUtTFRVDQogICAgICAt
IEpHNTQ2QUFFICBIUCBJTUMgQmFzaWMgU1cgUGxhdGZvcm0gdy81MC1ub2RlIEUtTFRV
DQogICAgICAtIEpHNTQ4QUFFICBIUCBQQ00rIHRvIElNQyBCc2MgVXBnciB3LzUwLW5v
ZGUgRS1MVFUNCiAgICAgIC0gSkc1NDlBQUUgIEhQIFBDTSsgdG8gSU1DIFN0ZCBVcGdy
IHcvMjAwLW5vZGUgRS1MVFUNCiAgICAgIC0gSkc3NDdBQUUgIEhQIElNQyBTdGQgU1cg
UGxhdCB3LyA1MCBOb2RlcyBFLUxUVQ0KICAgICAgLSBKRzc0OEFBRSAgSFAgSU1DIEVu
dCBTVyBQbGF0IHcvIDUwIE5vZGVzIEUtTFRVDQogICAgICAtIEpHNzY4QUFFICBIUCBQ
Q00rIHRvIElNQyBTdGQgVXBnIHcvIDIwMC1ub2RlIEUtTFRVDQogICAgICAtIEpHNTUw
QUFFIEhQRSBQQ00rIE1vYmlsaXR5IE1hbmFnZXIgdG8gSU1DIEJhc2ljIFdMQU4gUGxh
dGZvcm0gVXBncmFkZQ0KNTAtbm9kZSBhbmQgMTUwLUFQIEUtTFRVDQogICAgICAtIEpH
NTkwQUFFIEhQRSBJTUMgQmFzaWMgV0xBTiBNYW5hZ2VyIFNvZnR3YXJlIFBsYXRmb3Jt
IDUwIEFjY2VzcyBQb2ludA0KRS1MVFUNCiAgICAgIC0gSkc2NjBBQUUgSFAgSU1DIFNt
YXJ0IENvbm5lY3Qgd2l0aCBXaXJlbGVzcyBNYW5hZ2VyIFZpcnR1YWwgQXBwbGlhbmNl
DQpFZGl0aW9uIEUtTFRVDQogICAgICAtIEpHNzY2QUFFIEhQIElNQyBTbWFydCBDb25u
ZWN0IFZpcnR1YWwgQXBwbGlhbmNlIEVkaXRpb24gRS1MVFUNCiAgICAgIC0gSkc3NjdB
QUUgSFAgSU1DIFNtYXJ0IENvbm5lY3Qgd2l0aCBXaXJlbGVzcyBNYW5hZ2VyIFZpcnR1
YWwgQXBwbGlhbmNlDQpFZGl0aW9uIEUtTFRVDQogICAgICAtIEpHNzY4QUFFIEhQRSBQ
Q00rIHRvIElNQyBTdGFuZGFyZCBTb2Z0d2FyZSBQbGF0Zm9ybSBVcGdyYWRlIHdpdGgN
CjIwMC1ub2RlIEUtTFRVDQoNCioqTm90ZToqKiBQbGVhc2UgY29udGFjdCBIUEUgVGVj
aG5pY2FsIFN1cHBvcnQgaWYgYW55IGFzc2lzdGFuY2UgaXMgbmVlZGVkDQphY3F1aXJp
bmcgdGhlIHNvZnR3YXJlIHVwZGF0ZXMuDQoNCkhJU1RPUlkNClZlcnNpb246MSAocmV2
LjEpIC0gMTEgTWF5IDIwMTcgSW5pdGlhbCByZWxlYXNlDQoNClRoaXJkIFBhcnR5IFNl
Y3VyaXR5IFBhdGNoZXM6IFRoaXJkIHBhcnR5IHNlY3VyaXR5IHBhdGNoZXMgdGhhdCBh
cmUgdG8gYmUNCmluc3RhbGxlZCBvbiBzeXN0ZW1zIHJ1bm5pbmcgSGV3bGV0dCBQYWNr
YXJkIEVudGVycHJpc2UgKEhQRSkgc29mdHdhcmUNCnByb2R1Y3RzIHNob3VsZCBiZSBh
cHBsaWVkIGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgY3VzdG9tZXIncyBwYXRjaCBtYW5h
Z2VtZW50DQpwb2xpY3kuDQoNClN1cHBvcnQ6IEZvciBpc3N1ZXMgYWJvdXQgaW1wbGVt
ZW50aW5nIHRoZSByZWNvbW1lbmRhdGlvbnMgb2YgdGhpcyBTZWN1cml0eQ0KQnVsbGV0
aW4sIGNvbnRhY3Qgbm9ybWFsIEhQRSBTZXJ2aWNlcyBzdXBwb3J0IGNoYW5uZWwuIEZv
ciBvdGhlciBpc3N1ZXMgYWJvdXQNCnRoZSBjb250ZW50IG9mIHRoaXMgU2VjdXJpdHkg
QnVsbGV0aW4sIHNlbmQgZS1tYWlsIHRvIHNlY3VyaXR5LWFsZXJ0QGhwZS5jb20uDQoN
ClJlcG9ydDogVG8gcmVwb3J0IGEgcG90ZW50aWFsIHNlY3VyaXR5IHZ1bG5lcmFiaWxp
dHkgZm9yIGFueSBIUEUgc3VwcG9ydGVkDQpwcm9kdWN0Og0KICBXZWIgZm9ybTogaHR0
cHM6Ly93d3cuaHBlLmNvbS9pbmZvL3JlcG9ydC1zZWN1cml0eS12dWxuZXJhYmlsaXR5
DQogIEVtYWlsOiBzZWN1cml0eS1hbGVydEBocGUuY29tDQoNClN1YnNjcmliZTogVG8g
aW5pdGlhdGUgYSBzdWJzY3JpcHRpb24gdG8gcmVjZWl2ZSBmdXR1cmUgSFBFIFNlY3Vy
aXR5IEJ1bGxldGluDQphbGVydHMgdmlhIEVtYWlsOiBodHRwOi8vd3d3LmhwZS5jb20v
c3VwcG9ydC9TdWJzY3JpYmVyX0Nob2ljZQ0KDQpTZWN1cml0eSBCdWxsZXRpbiBBcmNo
aXZlOiBBIGxpc3Qgb2YgcmVjZW50bHkgcmVsZWFzZWQgU2VjdXJpdHkgQnVsbGV0aW5z
IGlzDQphdmFpbGFibGUgaGVyZTogaHR0cDovL3d3dy5ocGUuY29tL3N1cHBvcnQvU2Vj
dXJpdHlfQnVsbGV0aW5fQXJjaGl2ZQ0KDQpTb2Z0d2FyZSBQcm9kdWN0IENhdGVnb3J5
OiBUaGUgU29mdHdhcmUgUHJvZHVjdCBDYXRlZ29yeSBpcyByZXByZXNlbnRlZCBpbg0K
dGhlIHRpdGxlIGJ5IHRoZSB0d28gY2hhcmFjdGVycyBmb2xsb3dpbmcgSFBTQi4NCg0K
M0MgPSAzQ09NDQozUCA9IDNyZCBQYXJ0eSBTb2Z0d2FyZQ0KR04gPSBIUEUgR2VuZXJh
bCBTb2Z0d2FyZQ0KSEYgPSBIUEUgSGFyZHdhcmUgYW5kIEZpcm13YXJlDQpNVSA9IE11
bHRpLVBsYXRmb3JtIFNvZnR3YXJlDQpOUyA9IE5vblN0b3AgU2VydmVycw0KT1YgPSBP
cGVuVk1TDQpQViA9IFByb0N1cnZlDQpTVCA9IFN0b3JhZ2UgU29mdHdhcmUNClVYID0g
SFAtVVgNCg0KQ29weXJpZ2h0IDIwMTYgSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UN
Cg0KSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2Ugc2hhbGwgbm90IGJlIGxpYWJsZSBm
b3IgdGVjaG5pY2FsIG9yIGVkaXRvcmlhbA0KZXJyb3JzIG9yIG9taXNzaW9ucyBjb250
YWluZWQgaGVyZWluLiBUaGUgaW5mb3JtYXRpb24gcHJvdmlkZWQgaXMgcHJvdmlkZWQN
CiJhcyBpcyIgd2l0aG91dCB3YXJyYW50eSBvZiBhbnkga2luZC4gVG8gdGhlIGV4dGVu
dCBwZXJtaXR0ZWQgYnkgbGF3LCBuZWl0aGVyDQpIUCBvciBpdHMgYWZmaWxpYXRlcywg
c3ViY29udHJhY3RvcnMgb3Igc3VwcGxpZXJzIHdpbGwgYmUgbGlhYmxlIGZvcg0KaW5j
aWRlbnRhbCxzcGVjaWFsIG9yIGNvbnNlcXVlbnRpYWwgZGFtYWdlcyBpbmNsdWRpbmcg
ZG93bnRpbWUgY29zdDsgbG9zdA0KcHJvZml0czsgZGFtYWdlcyByZWxhdGluZyB0byB0
aGUgcHJvY3VyZW1lbnQgb2Ygc3Vic3RpdHV0ZSBwcm9kdWN0cyBvcg0Kc2VydmljZXM7
IG9yIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZGF0YSwgb3Igc29mdHdhcmUgcmVzdG9yYXRp
b24uIFRoZQ0KaW5mb3JtYXRpb24gaW4gdGhpcyBkb2N1bWVudCBpcyBzdWJqZWN0IHRv
IGNoYW5nZSB3aXRob3V0IG5vdGljZS4gSGV3bGV0dA0KUGFja2FyZCBFbnRlcnByaXNl
IGFuZCB0aGUgbmFtZXMgb2YgSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgcHJvZHVj
dHMNCnJlZmVyZW5jZWQgaGVyZWluIGFyZSB0cmFkZW1hcmtzIG9mIEhld2xldHQgUGFj
a2FyZCBFbnRlcnByaXNlIGluIHRoZSBVbml0ZWQNClN0YXRlcyBhbmQgb3RoZXIgY291
bnRyaWVzLiBPdGhlciBwcm9kdWN0IGFuZCBjb21wYW55IG5hbWVzIG1lbnRpb25lZCBo
ZXJlaW4NCm1heSBiZSB0cmFkZW1hcmtzIG9mIHRoZWlyIHJlc3BlY3RpdmUgb3duZXJz
Lg0KLS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEK
CmlRRWNCQUVCQ0FBR0JRSlpHSCtTQUFvSkVMWGhBeHQ3U1phaWNVSUlBSnplaG1rMU53
NWtWdU95R3hDVkg2OVcKUzYxb0dPaXRyd3FCYWJOc0paL2RtQWFSNE55WkxmbmRRY0Mx
cW5oRXJPS3Q2UlR3Sm1pMkwrNStndkJVU043RApQb0VUZWdQblJ4U1V1YmJzR3c4bTZ1
dlh2ZEU0TlJzSi9zTk5qUlZIWStUTjlvM2ZEUWVCTy9laGNGQ0lmRTNWClUvRll1dTBw
aUI5eWdOUlpOOWxSZ3dDYllOTTRsTGVHSnNrY2t6TGFSeC83ZmZNdWpPaGVFWktTa0hs
WUNJNVYKVFB1YlRTSHhiZWVPWVQrRXhYK0pnVmRIai9LakN5VCtkNTM4eENDWEkxQWpC
a3hZZHA3OFRuaEpWOFZFZ0tRMwpDSWYxamdtc1VrTGovYTByeGtQZDlYNkpVOCtkTWp5
L09zVjRybmptMEgzZHZRbGlCZ3VCY1MvY0JBUXc2Nlk9Cj1IQ0lMCi0tLS0tRU5EIFBH
UCBTSUdOQVRVUkUtLS0tLQo=