[security bulletin] HPESBGN03758 rev.2 - HPE UCMDB, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQ0KSGFzaDogU0hBMjU2DQoNCk5vdGU6
IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBpcyBhdmFpbGFi
bGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNjL2RvYy9wdWJsaWMvZGlz
cGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzU4ZW5fdXMNCg0KU1VQUE9SVCBDT01NVU5JQ0FU
SU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9jdW1lbnQgSUQ6IGhwZXNiZ24wMzc1OGVuX3Vz
DQpWZXJzaW9uOiAyDQoNCkhQRVNCR04wMzc1OCByZXYuMiAtIEhQRSBVQ01EQiwgUmVtb3RlIENv
ZGUgRXhlY3V0aW9uDQoNCk5PVElDRTogVGhlIGluZm9ybWF0aW9uIGluIHRoaXMgU2VjdXJpdHkg
QnVsbGV0aW4gc2hvdWxkIGJlIGFjdGVkIHVwb24gYXMgc29vbiBhcyBwb3NzaWJsZS4NCg0KUmVs
ZWFzZSBEYXRlOiAyMDE3LTA2LTE0DQpMYXN0IFVwZGF0ZWQ6IDIwMTctMDYtMTMNCg0KUG90ZW50
aWFsIFNlY3VyaXR5IEltcGFjdDogUmVtb3RlOiBDb2RlIEV4ZWN1dGlvbg0KDQpTb3VyY2U6IEhl
d2xldHQgUGFja2FyZCBFbnRlcnByaXNlLCBQcm9kdWN0IFNlY3VyaXR5IFJlc3BvbnNlIFRlYW0N
Cg0KVlVMTkVSQUJJTElUWSBTVU1NQVJZDQpBIHBvdGVudGlhbCBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IGhhcyBiZWVuIGlkZW50aWZpZWQgaW4gSFBFIFVDTURCLiBUaGUgdnVsbmVyYWJpbGl0eSBj
b3VsZCBiZSByZW1vdGVseSBleHBsb2l0ZWQgdG8gYWxsb3cgZXhlY3V0aW9uIG9mIGNvZGUuDQoN
ClJlZmVyZW5jZXM6DQoNCiAgLSBDVkUtMjAxNy04OTQ3IC0gUmVtb3RlIENvZGUgRXhlY3V0aW9u
DQoNClNVUFBPUlRFRCBTT0ZUV0FSRSBWRVJTSU9OUyo6IE9OTFkgaW1wYWN0ZWQgdmVyc2lvbnMg
YXJlIGxpc3RlZC4NCg0KICAtIEhQIFVDTURCIENvbmZpZ3VyYXRpb24gTWFuYWdlciBTb2Z0d2Fy
ZSAtIHYxMC4xMCwgdjEwLjExLCB2MTAuMjAsIHYxMC4yMSwgdjEwLjIyLCB2MTAuMzAsIHYxMC4z
MQ0KDQpCQUNLR1JPVU5EDQoNCiAgQ1ZTUyBCYXNlIE1ldHJpY3MNCiAgPT09PT09PT09PT09PT09
PT0NCiAgUmVmZXJlbmNlLCBDVlNTIFYzIFNjb3JlL1ZlY3RvciwgQ1ZTUyBWMiBTY29yZS9WZWN0
b3INCg0KICAgIENWRS0yMDE3LTg5NDcNCiAgICAgIDEwLjAgQ1ZTUzozLjAvQVY6Ti9BQzpML1BS
Ok4vVUk6Ti9TOkMvQzpIL0k6SC9BOkgNCiAgICAgIDcuNSAoQVY6Ti9BQzpML0F1Ok4vQzpQL0k6
UC9BOlApDQoNCiAgICBJbmZvcm1hdGlvbiBvbiBDVlNTIGlzIGRvY3VtZW50ZWQgaW4NCiAgICBI
UEUgQ3VzdG9tZXIgTm90aWNlIEhQU04tMjAwOC0wMDIgaGVyZToNCg0KaHR0cHM6Ly9oMjA1NjQu
d3d3Mi5ocGUuY29tL2hwc2MvZG9jL3B1YmxpYy9kaXNwbGF5P2RvY0lkPWVtcl9uYS1jMDEzNDU0
OTkNCg0KSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgdGhhbmtzIHJnb2Qgd29ya2luZyB3aXRo
IFRyZW5kIE1pY3JvJ3MgWmVybyBEYXkgSW5pdGlhdGl2ZSAoWkRJKSBmb3IgcmVwb3J0aW5nIHRo
ZXNlIHZ1bG5lcmFiaWxpdGllcyB0byBzZWN1cml0eS1hbGVydEBocGUuY29tDQoNClJFU09MVVRJ
T04NCg0KSFBFIGhhcyBtYWRlIHRoZSBmb2xsb3dpbmcgc29mdHdhcmUgdXBkYXRlcyBhbmQgbWl0
aWdhdGlvbiBpbmZvcm1hdGlvbiB0byByZXNvbHZlIHRoZSB2dWxuZXJhYmlsaXR5IGluIEhQRSBV
Q01EQjoNCg0KKg0KPGh0dHBzOi8vc29mdHdhcmVzdXBwb3J0LmhwZS5jb20vZ3JvdXAvc29mdHdh
cmVzdXBwb3J0L3NlYXJjaC1yZXN1bHQvLS9mYWNldHMNCmFyY2gvZG9jdW1lbnQvS00wMjc5MjU2
Nz4NCg0KSElTVE9SWQ0KDQpWZXJzaW9uOjEgKHJldi4xKSAtIDcgSnVuZSAyMDE3IEluaXRpYWwg
cmVsZWFzZQ0KDQpWZXJzaW9uOjIgKHJldi4yKSAtIDE0IEp1bmUgMjAxNyBVcGRhdGVkIHRoZSBS
ZXBvcnRlciBBY2tub3dsZWRnZW1lbnQgc2VjdGlvbg0KDQoNClRoaXJkIFBhcnR5IFNlY3VyaXR5
IFBhdGNoZXM6IFRoaXJkIHBhcnR5IHNlY3VyaXR5IHBhdGNoZXMgdGhhdCBhcmUgdG8gYmUgaW5z
dGFsbGVkIG9uIHN5c3RlbXMgcnVubmluZyBIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSAoSFBF
KSBzb2Z0d2FyZSBwcm9kdWN0cyBzaG91bGQgYmUgYXBwbGllZCBpbiBhY2NvcmRhbmNlIHdpdGgg
dGhlIGN1c3RvbWVyJ3MgcGF0Y2ggbWFuYWdlbWVudCBwb2xpY3kuDQoNClN1cHBvcnQ6IEZvciBp
c3N1ZXMgYWJvdXQgaW1wbGVtZW50aW5nIHRoZSByZWNvbW1lbmRhdGlvbnMgb2YgdGhpcyBTZWN1
cml0eSBCdWxsZXRpbiwgY29udGFjdCBub3JtYWwgSFBFIFNlcnZpY2VzIHN1cHBvcnQgY2hhbm5l
bC4gRm9yIG90aGVyIGlzc3VlcyBhYm91dCB0aGUgY29udGVudCBvZiB0aGlzIFNlY3VyaXR5IEJ1
bGxldGluLCBzZW5kIGUtbWFpbCB0byBzZWN1cml0eS1hbGVydEBocGUuY29tLg0KDQpSZXBvcnQ6
IFRvIHJlcG9ydCBhIHBvdGVudGlhbCBzZWN1cml0eSB2dWxuZXJhYmlsaXR5IGZvciBhbnkgSFBF
IHN1cHBvcnRlZA0KcHJvZHVjdDoNCiAgV2ViIGZvcm06IGh0dHBzOi8vd3d3LmhwZS5jb20vaW5m
by9yZXBvcnQtc2VjdXJpdHktdnVsbmVyYWJpbGl0eQ0KICBFbWFpbDogc2VjdXJpdHktYWxlcnRA
aHBlLmNvbQ0KDQpTdWJzY3JpYmU6IFRvIGluaXRpYXRlIGEgc3Vic2NyaXB0aW9uIHRvIHJlY2Vp
dmUgZnV0dXJlIEhQRSBTZWN1cml0eSBCdWxsZXRpbiBhbGVydHMgdmlhIEVtYWlsOiBodHRwOi8v
d3d3LmhwZS5jb20vc3VwcG9ydC9TdWJzY3JpYmVyX0Nob2ljZQ0KDQpTZWN1cml0eSBCdWxsZXRp
biBBcmNoaXZlOiBBIGxpc3Qgb2YgcmVjZW50bHkgcmVsZWFzZWQgU2VjdXJpdHkgQnVsbGV0aW5z
IGlzIGF2YWlsYWJsZSBoZXJlOiBodHRwOi8vd3d3LmhwZS5jb20vc3VwcG9ydC9TZWN1cml0eV9C
dWxsZXRpbl9BcmNoaXZlDQoNClNvZnR3YXJlIFByb2R1Y3QgQ2F0ZWdvcnk6IFRoZSBTb2Z0d2Fy
ZSBQcm9kdWN0IENhdGVnb3J5IGlzIHJlcHJlc2VudGVkIGluIHRoZSB0aXRsZSBieSB0aGUgdHdv
IGNoYXJhY3RlcnMgZm9sbG93aW5nIEhQU0IuDQoNCjNDID0gM0NPTQ0KM1AgPSAzcmQgUGFydHkg
U29mdHdhcmUNCkdOID0gSFBFIEdlbmVyYWwgU29mdHdhcmUNCkhGID0gSFBFIEhhcmR3YXJlIGFu
ZCBGaXJtd2FyZQ0KTVUgPSBNdWx0aS1QbGF0Zm9ybSBTb2Z0d2FyZQ0KTlMgPSBOb25TdG9wIFNl
cnZlcnMNCk9WID0gT3BlblZNUw0KUFYgPSBQcm9DdXJ2ZQ0KU1QgPSBTdG9yYWdlIFNvZnR3YXJl
DQpVWCA9IEhQLVVYDQoNCkNvcHlyaWdodCAyMDE2IEhld2xldHQgUGFja2FyZCBFbnRlcnByaXNl
DQoNCkhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlIHNoYWxsIG5vdCBiZSBsaWFibGUgZm9yIHRl
Y2huaWNhbCBvciBlZGl0b3JpYWwgZXJyb3JzIG9yIG9taXNzaW9ucyBjb250YWluZWQgaGVyZWlu
LiBUaGUgaW5mb3JtYXRpb24gcHJvdmlkZWQgaXMgcHJvdmlkZWQgImFzIGlzIiB3aXRob3V0IHdh
cnJhbnR5IG9mIGFueSBraW5kLiBUbyB0aGUgZXh0ZW50IHBlcm1pdHRlZCBieSBsYXcsIG5laXRo
ZXIgSFAgb3IgaXRzIGFmZmlsaWF0ZXMsIHN1YmNvbnRyYWN0b3JzIG9yIHN1cHBsaWVycyB3aWxs
IGJlIGxpYWJsZSBmb3IgaW5jaWRlbnRhbCxzcGVjaWFsIG9yIGNvbnNlcXVlbnRpYWwgZGFtYWdl
cyBpbmNsdWRpbmcgZG93bnRpbWUgY29zdDsgbG9zdCBwcm9maXRzOyBkYW1hZ2VzIHJlbGF0aW5n
IHRvIHRoZSBwcm9jdXJlbWVudCBvZiBzdWJzdGl0dXRlIHByb2R1Y3RzIG9yIHNlcnZpY2VzOyBv
ciBkYW1hZ2VzIGZvciBsb3NzIG9mIGRhdGEsIG9yIHNvZnR3YXJlIHJlc3RvcmF0aW9uLiBUaGUg
aW5mb3JtYXRpb24gaW4gdGhpcyBkb2N1bWVudCBpcyBzdWJqZWN0IHRvIGNoYW5nZSB3aXRob3V0
IG5vdGljZS4gSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgYW5kIHRoZSBuYW1lcyBvZiBIZXds
ZXR0IFBhY2thcmQgRW50ZXJwcmlzZSBwcm9kdWN0cyByZWZlcmVuY2VkIGhlcmVpbiBhcmUgdHJh
ZGVtYXJrcyBvZiBIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSBpbiB0aGUgVW5pdGVkIFN0YXRl
cyBhbmQgb3RoZXIgY291bnRyaWVzLiBPdGhlciBwcm9kdWN0IGFuZCBjb21wYW55IG5hbWVzIG1l
bnRpb25lZCBoZXJlaW4gbWF5IGJlIHRyYWRlbWFya3Mgb2YgdGhlaXIgcmVzcGVjdGl2ZSBvd25l
cnMuDQotLS0tLUJFR0lOIFBHUCBTSUdOQVRVUkUtLS0tLQ0KVmVyc2lvbjogR251UEcgdjENCg0K
aVFFY0JBRUJDQUFHQlFKWlFHZTRBQW9KRUxYaEF4dDdTWmFpVjY4SUFLUmtUbnZ5TGhtVlBvOGIy
eTdnVnZCMg0KcG15T2hzUmROZUhlRmFJTXBhZWVJYVFkTk1yKzBzaUNEZUlISkxyUDA4ZjlPblQv
aTdOdDV2YnBYYjZtekxhRA0KWmlncU1XVkdXWUFmVWJOMG4vSHUzVW43QURBa0NpaW5vY3o0NWRv
a1EwUmhueVc2SEZIU0xNcTZaNWpOQmdPcA0KNFNqN3hWRDNoMDRjOCtZa1lvYWdNK3Azai9Id3Zx
VXBlb1E3dW1Lc0tiK1hNRmRaK2tOYitSNVJ3ajFCZ1dTYQ0KcmMyNEh1Z1FiTXI0RlhyYnBKUmtl
akFlQVVJRlFzWE9WaXpJVWdqREhTTWlJQVJQbFhLZHZHR2h6ZmYyNG9BQQ0KeEphMVV4Smt0YnJE
OFNJWkZmajRLVUowYmJVTVFDQ3VLcjlzVGRUcXUycWlGS3p4STlXNzRjS1VXb1hTQm9NPQ0KPUt4
SlQNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K