[security bulletin] HPESBGN03766 rev.1 - HPE Project and Portfolio Management (PPM), Remote Cross-Site Scripting

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v
dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp
cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj
L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzY2ZW5fdXMN
Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j
dW1lbnQgSUQ6IGhwZXNiZ24wMzc2NmVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w
Mzc2NiByZXYuMSAtIEhQRSBQcm9qZWN0IGFuZCBQb3J0Zm9saW8gTWFuYWdlbWVudCAo
UFBNKSwgUmVtb3RlDQpDcm9zcy1TaXRlIFNjcmlwdGluZw0KDQpOT1RJQ0U6IFRoZSBp
bmZvcm1hdGlvbiBpbiB0aGlzIFNlY3VyaXR5IEJ1bGxldGluIHNob3VsZCBiZSBhY3Rl
ZCB1cG9uIGFzDQpzb29uIGFzIHBvc3NpYmxlLg0KDQpSZWxlYXNlIERhdGU6IDIwMTct
MDgtMDENCkxhc3QgVXBkYXRlZDogMjAxNy0wOC0wMQ0KDQpQb3RlbnRpYWwgU2VjdXJp
dHkgSW1wYWN0OiBSZW1vdGU6IENyb3NzLVNpdGUgU2NyaXB0aW5nIChYU1MpDQoNClNv
dXJjZTogSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UsIFByb2R1Y3QgU2VjdXJpdHkg
UmVzcG9uc2UgVGVhbQ0KDQpWVUxORVJBQklMSVRZIFNVTU1BUlkNCkEgcG90ZW50aWFs
IHNlY3VyaXR5IHZ1bG5lcmFiaWxpdHkgaGFzIGJlZW4gaWRlbnRpZmllZCBpbiBIUEUg
UHJvamVjdCBhbmQNClBvcnRmb2xpbyBNYW5hZ2VtZW50KFBQTSkgcHJvZHVjdC4gVGhl
IHZ1bG5lcmFiaWxpdHkgY291bGQgYmUgZXhwbG9pdGVkIHRvDQphbGxvdyByZW1vdGUg
Y3Jvc3Mtc2l0ZSBzY3JpcHRpbmcgKFhTUykuDQoNClJlZmVyZW5jZXM6DQoNCiAgLSBD
VkUtMjAxNy04OTkzIC0gUmVtb3RlIENyb3NzLVNpdGUgU2NyaXB0aW5nIChYU1MpDQoN
ClNVUFBPUlRFRCBTT0ZUV0FSRSBWRVJTSU9OUyo6IE9OTFkgaW1wYWN0ZWQgdmVyc2lv
bnMgYXJlIGxpc3RlZC4NCg0KICAtIEhQRSBQcm9qZWN0IGFuZCBQb3J0Zm9saW8gTWFu
YWdlbWVudCBDZW50ZXIgLXY5LjMwLCB2OS4zMSwgdjkuMzIsIHY5LjQwDQoNCkJBQ0tH
Uk9VTkQNCg0KICBDVlNTIEJhc2UgTWV0cmljcw0KICA9PT09PT09PT09PT09PT09PQ0K
ICBSZWZlcmVuY2UsIENWU1MgVjMgU2NvcmUvVmVjdG9yLCBDVlNTIFYyIFNjb3JlL1Zl
Y3Rvcg0KDQogICAgQ1ZFLTIwMTctODk5Mw0KICAgICAgOS44IENWU1M6My4wL0FWOk4v
QUM6TC9QUjpOL1VJOk4vUzpVL0M6SC9JOkgvQTpIDQogICAgICAxMC4wIChBVjpOL0FD
OkwvQXU6Ti9DOkMvSTpDL0E6QykNCg0KICAgIEluZm9ybWF0aW9uIG9uIENWU1MgaXMg
ZG9jdW1lbnRlZCBpbg0KICAgIEhQRSBDdXN0b21lciBOb3RpY2UgSFBTTi0yMDA4LTAw
MiBoZXJlOg0KDQpodHRwczovL2gyMDU2NC53d3cyLmhwZS5jb20vaHBzYy9kb2MvcHVi
bGljL2Rpc3BsYXk/ZG9jSWQ9ZW1yX25hLWMwMTM0NTQ5OQ0KDQpIZXdsZXR0IFBhY2th
cmQgRW50ZXJwcmlzZSB3b3VsZCBsaWtlIHRvIHRoYW5rIERhdmlkIFNoYW5haGFuIGZv
ciByZXBvcnRpbmcNCnRoaXMgaXNzdWUgdG8gc2VjdXJpdHktYWxlcnRAaHBlLmNvbQ0K
DQpSRVNPTFVUSU9ODQoNCkhQRSBoYXMgbWFkZSB0aGUgZm9sbG93aW5nIHNvZnR3YXJl
IHVwZGF0ZXMgYW5kIG1pdGlnYXRpb24gaW5mb3JtYXRpb24gdG8NCnJlc29sdmUgdGhp
cyB2dWxuZXJhYmlsaXR5IGluIHRoZSBpbXBhY3RlZCB2ZXJzaW9ucyBvZiBIUEUgUHJv
amVjdCBhbmQNClBvcnRmb2xpbyBNYW5hZ2VtZW50IChQUE0pLg0KDQoqIFBsZWFzZSB1
cGdyYWRlIEhQRSBQTU0gdmVyc2lvbiA5LjN4IHRvIEhQRSBQUE0gdmVyc2lvbiA5LjMy
LjAwMDUuIFBsZWFzZQ0KcmVmZXIgdG8gS00wMjc4MTA2NiBhcnRpY2xlIGZvciBpbmZv
cm1hdGlvbiBvbiByZXNvbHZpbmcgdGhpcyBpc3N1ZToNCjxodHRwczovL3NvZnR3YXJl
c3VwcG9ydC5ocGUuY29tL2ttL0tNMDI3ODEwNjY+DQoNCiogUGxlYXNlIHVwZ3JhZGUg
SFBFIFBNTSB2ZXJzaW9uIDkuNDAgdG8gSFBFIFBQTSAgdG8gdmVyc2lvbiA5LjQxLiBQ
bGVhc2UNCnJlZmVyIHRvIEtNMDI3NTM5NDIgYXJ0aWNsZSBmb3IgaW5mb3JtYXRpb24g
b24gcmVzb2x2aW5nIHRoaXMgaXNzdWU6DQo8aHR0cHM6Ly9zb2Z0d2FyZXN1cHBvcnQu
aHBlLmNvbS9rbS9LTTAyNzUzOTQyPg0KDQpISVNUT1JZDQpWZXJzaW9uOjEgKHJldi4x
KSAtIDIgQXVndXN0IDIwMTcgSW5pdGlhbCByZWxlYXNlDQoNClRoaXJkIFBhcnR5IFNl
Y3VyaXR5IFBhdGNoZXM6IFRoaXJkIHBhcnR5IHNlY3VyaXR5IHBhdGNoZXMgdGhhdCBh
cmUgdG8gYmUNCmluc3RhbGxlZCBvbiBzeXN0ZW1zIHJ1bm5pbmcgSGV3bGV0dCBQYWNr
YXJkIEVudGVycHJpc2UgKEhQRSkgc29mdHdhcmUNCnByb2R1Y3RzIHNob3VsZCBiZSBh
cHBsaWVkIGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgY3VzdG9tZXIncyBwYXRjaCBtYW5h
Z2VtZW50DQpwb2xpY3kuDQoNClN1cHBvcnQ6IEZvciBpc3N1ZXMgYWJvdXQgaW1wbGVt
ZW50aW5nIHRoZSByZWNvbW1lbmRhdGlvbnMgb2YgdGhpcyBTZWN1cml0eQ0KQnVsbGV0
aW4sIGNvbnRhY3Qgbm9ybWFsIEhQRSBTZXJ2aWNlcyBzdXBwb3J0IGNoYW5uZWwuIEZv
ciBvdGhlciBpc3N1ZXMgYWJvdXQNCnRoZSBjb250ZW50IG9mIHRoaXMgU2VjdXJpdHkg
QnVsbGV0aW4sIHNlbmQgZS1tYWlsIHRvIHNlY3VyaXR5LWFsZXJ0QGhwZS5jb20uDQoN
ClJlcG9ydDogVG8gcmVwb3J0IGEgcG90ZW50aWFsIHNlY3VyaXR5IHZ1bG5lcmFiaWxp
dHkgZm9yIGFueSBIUEUgc3VwcG9ydGVkDQpwcm9kdWN0Og0KICBXZWIgZm9ybTogaHR0
cHM6Ly93d3cuaHBlLmNvbS9pbmZvL3JlcG9ydC1zZWN1cml0eS12dWxuZXJhYmlsaXR5
DQogIEVtYWlsOiBzZWN1cml0eS1hbGVydEBocGUuY29tDQoNClN1YnNjcmliZTogVG8g
aW5pdGlhdGUgYSBzdWJzY3JpcHRpb24gdG8gcmVjZWl2ZSBmdXR1cmUgSFBFIFNlY3Vy
aXR5IEJ1bGxldGluDQphbGVydHMgdmlhIEVtYWlsOiBodHRwOi8vd3d3LmhwZS5jb20v
c3VwcG9ydC9TdWJzY3JpYmVyX0Nob2ljZQ0KDQpTZWN1cml0eSBCdWxsZXRpbiBBcmNo
aXZlOiBBIGxpc3Qgb2YgcmVjZW50bHkgcmVsZWFzZWQgU2VjdXJpdHkgQnVsbGV0aW5z
IGlzDQphdmFpbGFibGUgaGVyZTogaHR0cDovL3d3dy5ocGUuY29tL3N1cHBvcnQvU2Vj
dXJpdHlfQnVsbGV0aW5fQXJjaGl2ZQ0KDQpTb2Z0d2FyZSBQcm9kdWN0IENhdGVnb3J5
OiBUaGUgU29mdHdhcmUgUHJvZHVjdCBDYXRlZ29yeSBpcyByZXByZXNlbnRlZCBpbg0K
dGhlIHRpdGxlIGJ5IHRoZSB0d28gY2hhcmFjdGVycyBmb2xsb3dpbmcgSFBTQi4NCg0K
M0MgPSAzQ09NDQozUCA9IDNyZCBQYXJ0eSBTb2Z0d2FyZQ0KR04gPSBIUEUgR2VuZXJh
bCBTb2Z0d2FyZQ0KSEYgPSBIUEUgSGFyZHdhcmUgYW5kIEZpcm13YXJlDQpNVSA9IE11
bHRpLVBsYXRmb3JtIFNvZnR3YXJlDQpOUyA9IE5vblN0b3AgU2VydmVycw0KT1YgPSBP
cGVuVk1TDQpQViA9IFByb0N1cnZlDQpTVCA9IFN0b3JhZ2UgU29mdHdhcmUNClVYID0g
SFAtVVgNCg0KQ29weXJpZ2h0IDIwMTYgSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UN
Cg0KSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2Ugc2hhbGwgbm90IGJlIGxpYWJsZSBm
b3IgdGVjaG5pY2FsIG9yIGVkaXRvcmlhbA0KZXJyb3JzIG9yIG9taXNzaW9ucyBjb250
YWluZWQgaGVyZWluLiBUaGUgaW5mb3JtYXRpb24gcHJvdmlkZWQgaXMgcHJvdmlkZWQN
CiJhcyBpcyIgd2l0aG91dCB3YXJyYW50eSBvZiBhbnkga2luZC4gVG8gdGhlIGV4dGVu
dCBwZXJtaXR0ZWQgYnkgbGF3LCBuZWl0aGVyDQpIUCBvciBpdHMgYWZmaWxpYXRlcywg
c3ViY29udHJhY3RvcnMgb3Igc3VwcGxpZXJzIHdpbGwgYmUgbGlhYmxlIGZvcg0KaW5j
aWRlbnRhbCxzcGVjaWFsIG9yIGNvbnNlcXVlbnRpYWwgZGFtYWdlcyBpbmNsdWRpbmcg
ZG93bnRpbWUgY29zdDsgbG9zdA0KcHJvZml0czsgZGFtYWdlcyByZWxhdGluZyB0byB0
aGUgcHJvY3VyZW1lbnQgb2Ygc3Vic3RpdHV0ZSBwcm9kdWN0cyBvcg0Kc2VydmljZXM7
IG9yIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZGF0YSwgb3Igc29mdHdhcmUgcmVzdG9yYXRp
b24uIFRoZQ0KaW5mb3JtYXRpb24gaW4gdGhpcyBkb2N1bWVudCBpcyBzdWJqZWN0IHRv
IGNoYW5nZSB3aXRob3V0IG5vdGljZS4gSGV3bGV0dA0KUGFja2FyZCBFbnRlcnByaXNl
IGFuZCB0aGUgbmFtZXMgb2YgSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgcHJvZHVj
dHMNCnJlZmVyZW5jZWQgaGVyZWluIGFyZSB0cmFkZW1hcmtzIG9mIEhld2xldHQgUGFj
a2FyZCBFbnRlcnByaXNlIGluIHRoZSBVbml0ZWQNClN0YXRlcyBhbmQgb3RoZXIgY291
bnRyaWVzLiBPdGhlciBwcm9kdWN0IGFuZCBjb21wYW55IG5hbWVzIG1lbnRpb25lZCBo
ZXJlaW4NCm1heSBiZSB0cmFkZW1hcmtzIG9mIHRoZWlyIHJlc3BlY3RpdmUgb3duZXJz
Lg0KLS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEK
CmlRRWNCQUVCQ0FBR0JRSlpnTmRUQUFvSkVMWGhBeHQ3U1phaTdrZ0gvaU0yZ1F4WE83
am1md1VXcHdYWkx6RHcKcnFxazZQU2pldVd1dFlxdFduSkk3dTkrMjQyMUNFYTFWazVh
L3R3TDJlcnBjNVR3NXZnNU1MQWw5UStUT3B1NAo0YkpHOUh5YlNISWZRaWdvR3hZMjZX
eUQwdXdXUXZNd2YzRHd6aU8yQ3g1VFVMc01vUWFHK1FWZHpHbWJQQWJrCk02UU8rZDJy
MXFOOTBMVkc1bVVXV2RGcFRGemk3UVc1MlowNkdRVUhYTUpoblVYZFRRak1hbjJLZW9k
dUI1d24KK0toS3dmY1ZkQTlKdWVCUllxZVRjaDViQ3ZtQ2VJemJjQk1hb2JGTFlmaVhR
Qmg0bjhvOC9jbDBzeW1jRmdhMgplVE54S0hxdzVsVENVYTM4T3kyMHlUb0FkNjZyZzlH
aWVxR0l1WW5GcVlkMVMrL2xFeThkb1J6Yk5kcGRQZ1E9Cj10Q1JPCi0tLS0tRU5EIFBH
UCBTSUdOQVRVUkUtLS0tLQo=