[security bulletin] HPESBMU03701 rev.1 - HPE Smart Storage Administrator, Remote Arbitrary Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v
dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp
cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj
L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzgyMzQ5DQoNClNVUFBP
UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE
OiBjMDUzODIzNDkNClZlcnNpb246IDENCg0KSFBFU0JNVTAzNzAxIHJldi4xIC0gSFBF
IFNtYXJ0IFN0b3JhZ2UgQWRtaW5pc3RyYXRvciwgUmVtb3RlIEFyYml0cmFyeSBDb2Rl
DQpFeGVjdXRpb24NCg0KTk9USUNFOiBUaGUgaW5mb3JtYXRpb24gaW4gdGhpcyBTZWN1
cml0eSBCdWxsZXRpbiBzaG91bGQgYmUgYWN0ZWQgdXBvbiBhcw0Kc29vbiBhcyBwb3Nz
aWJsZS4NCg0KUmVsZWFzZSBEYXRlOiAyMDE3LTAxLTMwDQpMYXN0IFVwZGF0ZWQ6IDIw
MTctMDEtMzANCg0KUG90ZW50aWFsIFNlY3VyaXR5IEltcGFjdDogUmVtb3RlOiBBcmJp
dHJhcnkgQ29kZSBFeGVjdXRpb24NCg0KU291cmNlOiBIZXdsZXR0IFBhY2thcmQgRW50
ZXJwcmlzZSwgUHJvZHVjdCBTZWN1cml0eSBSZXNwb25zZSBUZWFtDQoNClZVTE5FUkFC
SUxJVFkgU1VNTUFSWQ0KQSBwb3RlbnRpYWwgdnVsbmVyYWJpbGl0eSBoYXMgYmVlbiBp
ZGVudGlmaWVkIGluIEhQRSBTbWFydCBTdG9yYWdlDQpBZG1pbmlzdHJhdG9yLiBUaGUg
dnVsbmVyYWJpbGl0eSBjb3VsZCByZW1vdGVseSBiZSBleHBsb2l0ZWQgdG8gYWxsb3cN
CmV4ZWN1dGlvbiBvZiBhcmJpdHJhcnkgY29kZS4NCg0KUmVmZXJlbmNlczoNCg0KICAt
IENWRS0yMDE2LTg1MjMNCg0KU1VQUE9SVEVEIFNPRlRXQVJFIFZFUlNJT05TKjogT05M
WSBpbXBhY3RlZCB2ZXJzaW9ucyBhcmUgbGlzdGVkLg0KDQogIC0gSFAgU21hcnQgU3Rv
cmFnZSBBZG1pbmlzdHJhdG9yIGJlZm9yZSB2Mi42MC4xOC4wDQoNCkJBQ0tHUk9VTkQN
Cg0KICBDVlNTIEJhc2UgTWV0cmljcw0KICA9PT09PT09PT09PT09PT09PQ0KICBSZWZl
cmVuY2UsIENWU1MgVjMgU2NvcmUvVmVjdG9yLCBDVlNTIFYyIFNjb3JlL1ZlY3Rvcg0K
DQogICAgQ1ZFLTIwMTYtODUyMw0KICAgICAgOC4wIENWU1M6My4wL0FWOk4vQUM6TC9Q
UjpML1VJOlIvUzpVL0M6SC9JOkgvQTpIDQogICAgICA5LjAgKEFWOk4vQUM6TC9BdTpT
L0M6Qy9JOkMvQTpDKQ0KDQogICAgSW5mb3JtYXRpb24gb24gQ1ZTUyBpcyBkb2N1bWVu
dGVkIGluDQogICAgSFBFIEN1c3RvbWVyIE5vdGljZSBIUFNOLTIwMDgtMDAyIGhlcmU6
DQoNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNjL2RvYy9wdWJsaWMvZGlz
cGxheT9kb2NJZD1lbXJfbmEtYzAxMzQ1NDk5DQoNCkFja25vd2xlZGdlbWVudDogVGhl
IEhld2xldHQtUGFja2FyZCBDb21wYW55IHRoYW5rcyBOaWNvbGFzIE1hdHRpb2NjbyBm
b3INCnJlcG9ydGluZyB0aGlzIHZ1bG5lcmFiaWxpdHkgdG8gc2VjdXJpdHktYWxlcnRA
aHBlLmNvbS4NCg0KUkVTT0xVVElPTg0KDQpIUEUgaGFzIHByb3ZpZGVkIHRoZSBmb2xs
b3dpbmcgdXBkYXRlIHRvIHJlc29sdmUgdGhlIHZ1bG5lcmFiaWxpdHk6DQoNCiAgKiBI
UEUgU21hcnQgU3RvcmFnZSBBZG1pbmlzdHJhdG9yICAyLjYwLjE4LjAgb3Igc3Vic2Vx
dWVudDogIA0KICANCiAgICAqDQo8aHR0cHM6Ly9oMjA1NjYud3d3Mi5ocGUuY29tL2hw
c2Mvc3dkL3B1YmxpYy9kZXRhaWw/c3dJdGVtSWQ9TVRYX2ViYWNkMjg1ZTlkMw0KNzU0
OWQwODVhZmUzNz4NCg0KSElTVE9SWQ0KVmVyc2lvbjoxIChyZXYuMSkgLSAzMSBKYW51
YXJ5IDIwMTcgSW5pdGlhbCByZWxlYXNlDQoNClRoaXJkIFBhcnR5IFNlY3VyaXR5IFBh
dGNoZXM6IFRoaXJkIHBhcnR5IHNlY3VyaXR5IHBhdGNoZXMgdGhhdCBhcmUgdG8gYmUN
Cmluc3RhbGxlZCBvbiBzeXN0ZW1zIHJ1bm5pbmcgSGV3bGV0dCBQYWNrYXJkIEVudGVy
cHJpc2UgKEhQRSkgc29mdHdhcmUNCnByb2R1Y3RzIHNob3VsZCBiZSBhcHBsaWVkIGlu
IGFjY29yZGFuY2Ugd2l0aCB0aGUgY3VzdG9tZXIncyBwYXRjaCBtYW5hZ2VtZW50DQpw
b2xpY3kuDQoNClN1cHBvcnQ6IEZvciBpc3N1ZXMgYWJvdXQgaW1wbGVtZW50aW5nIHRo
ZSByZWNvbW1lbmRhdGlvbnMgb2YgdGhpcyBTZWN1cml0eQ0KQnVsbGV0aW4sIGNvbnRh
Y3Qgbm9ybWFsIEhQRSBTZXJ2aWNlcyBzdXBwb3J0IGNoYW5uZWwuIEZvciBvdGhlciBp
c3N1ZXMgYWJvdXQNCnRoZSBjb250ZW50IG9mIHRoaXMgU2VjdXJpdHkgQnVsbGV0aW4s
IHNlbmQgZS1tYWlsIHRvIHNlY3VyaXR5LWFsZXJ0QGhwZS5jb20uDQoNClJlcG9ydDog
VG8gcmVwb3J0IGEgcG90ZW50aWFsIHNlY3VyaXR5IHZ1bG5lcmFiaWxpdHkgZm9yIGFu
eSBIUEUgc3VwcG9ydGVkDQpwcm9kdWN0Og0KICBXZWIgZm9ybTogaHR0cHM6Ly93d3cu
aHBlLmNvbS9pbmZvL3JlcG9ydC1zZWN1cml0eS12dWxuZXJhYmlsaXR5DQogIEVtYWls
OiBzZWN1cml0eS1hbGVydEBocGUuY29tDQoNClN1YnNjcmliZTogVG8gaW5pdGlhdGUg
YSBzdWJzY3JpcHRpb24gdG8gcmVjZWl2ZSBmdXR1cmUgSFBFIFNlY3VyaXR5IEJ1bGxl
dGluDQphbGVydHMgdmlhIEVtYWlsOiBodHRwOi8vd3d3LmhwZS5jb20vc3VwcG9ydC9T
dWJzY3JpYmVyX0Nob2ljZQ0KDQpTZWN1cml0eSBCdWxsZXRpbiBBcmNoaXZlOiBBIGxp
c3Qgb2YgcmVjZW50bHkgcmVsZWFzZWQgU2VjdXJpdHkgQnVsbGV0aW5zIGlzDQphdmFp
bGFibGUgaGVyZTogaHR0cDovL3d3dy5ocGUuY29tL3N1cHBvcnQvU2VjdXJpdHlfQnVs
bGV0aW5fQXJjaGl2ZQ0KDQpTb2Z0d2FyZSBQcm9kdWN0IENhdGVnb3J5OiBUaGUgU29m
dHdhcmUgUHJvZHVjdCBDYXRlZ29yeSBpcyByZXByZXNlbnRlZCBpbg0KdGhlIHRpdGxl
IGJ5IHRoZSB0d28gY2hhcmFjdGVycyBmb2xsb3dpbmcgSFBTQi4NCg0KM0MgPSAzQ09N
DQozUCA9IDNyZCBQYXJ0eSBTb2Z0d2FyZQ0KR04gPSBIUEUgR2VuZXJhbCBTb2Z0d2Fy
ZQ0KSEYgPSBIUEUgSGFyZHdhcmUgYW5kIEZpcm13YXJlDQpNVSA9IE11bHRpLVBsYXRm
b3JtIFNvZnR3YXJlDQpOUyA9IE5vblN0b3AgU2VydmVycw0KT1YgPSBPcGVuVk1TDQpQ
ViA9IFByb0N1cnZlDQpTVCA9IFN0b3JhZ2UgU29mdHdhcmUNClVYID0gSFAtVVgNCg0K
Q29weXJpZ2h0IDIwMTYgSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UNCg0KSGV3bGV0
dCBQYWNrYXJkIEVudGVycHJpc2Ugc2hhbGwgbm90IGJlIGxpYWJsZSBmb3IgdGVjaG5p
Y2FsIG9yIGVkaXRvcmlhbA0KZXJyb3JzIG9yIG9taXNzaW9ucyBjb250YWluZWQgaGVy
ZWluLiBUaGUgaW5mb3JtYXRpb24gcHJvdmlkZWQgaXMgcHJvdmlkZWQNCiJhcyBpcyIg
d2l0aG91dCB3YXJyYW50eSBvZiBhbnkga2luZC4gVG8gdGhlIGV4dGVudCBwZXJtaXR0
ZWQgYnkgbGF3LCBuZWl0aGVyDQpIUCBvciBpdHMgYWZmaWxpYXRlcywgc3ViY29udHJh
Y3RvcnMgb3Igc3VwcGxpZXJzIHdpbGwgYmUgbGlhYmxlIGZvcg0KaW5jaWRlbnRhbCxz
cGVjaWFsIG9yIGNvbnNlcXVlbnRpYWwgZGFtYWdlcyBpbmNsdWRpbmcgZG93bnRpbWUg
Y29zdDsgbG9zdA0KcHJvZml0czsgZGFtYWdlcyByZWxhdGluZyB0byB0aGUgcHJvY3Vy
ZW1lbnQgb2Ygc3Vic3RpdHV0ZSBwcm9kdWN0cyBvcg0Kc2VydmljZXM7IG9yIGRhbWFn
ZXMgZm9yIGxvc3Mgb2YgZGF0YSwgb3Igc29mdHdhcmUgcmVzdG9yYXRpb24uIFRoZQ0K
aW5mb3JtYXRpb24gaW4gdGhpcyBkb2N1bWVudCBpcyBzdWJqZWN0IHRvIGNoYW5nZSB3
aXRob3V0IG5vdGljZS4gSGV3bGV0dA0KUGFja2FyZCBFbnRlcnByaXNlIGFuZCB0aGUg
bmFtZXMgb2YgSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgcHJvZHVjdHMNCnJlZmVy
ZW5jZWQgaGVyZWluIGFyZSB0cmFkZW1hcmtzIG9mIEhld2xldHQgUGFja2FyZCBFbnRl
cnByaXNlIGluIHRoZSBVbml0ZWQNClN0YXRlcyBhbmQgb3RoZXIgY291bnRyaWVzLiBP
dGhlciBwcm9kdWN0IGFuZCBjb21wYW55IG5hbWVzIG1lbnRpb25lZCBoZXJlaW4NCm1h
eSBiZSB0cmFkZW1hcmtzIG9mIHRoZWlyIHJlc3BlY3RpdmUgb3duZXJzLg0KLS0tLS1C
RUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEKCmlRRWNCQUVC
Q0FBR0JRSllqNDZKQUFvSkVMWGhBeHQ3U1phaUdLd0gvMkV0bnRTN0FBTXZWQndvWm4w
S09hTEsKK1E4clFPQjhmUVlBZGUvaWZ1dHpPMlU1anhSZXBIWWRsQ3hBRUY3N0RlY2JK
MFh3RGh2Y0NCR1JVVDVnWVduZQpmMzBaTzYydTVIUmlzb2ZVMFpjV09QamNEeWQvcVNa
YzdHd3pBTi9GT0NYd2lPVlBCVFY5cnJxWm5pRkdHMDVICi9oQktpVUk1U1NHL3BiZ1Ry
Y2x1T09IYzcwdnhoUWpDcGxMYytqbUNyQ2Jtb296UUloalU3L3ZVOUhBQ1lvZHoKbUpX
WDFpTDdUZzhaTS8yVTU1UFVPWnVac2U0dmFhc0lFcnVOOTErdXR4VXJ1dzR2ZHA2Z2Rt
MGJaZXVqa0FIdQp6UVoxdmNmNUZXWCswWXN0MGl6TlJMbUwrRGIwb0tzWk80eFRlSE5U
SFllY0MrakVvdzBrekl2ajBhaW1CYTQ9Cj0zVFhwCi0tLS0tRU5EIFBHUCBTSUdOQVRV
UkUtLS0tLQo=