[security bulletin] HPESBGN03712 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v
dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp
cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj
L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzEyZW5fdXMN
Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j
dW1lbnQgSUQ6IGhwZXNiZ24wMzcxMmVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w
MzcxMiByZXYuMSAtIEhQRSBMb2FkUnVubmVyIGFuZCBQZXJmb3JtYW5jZSBDZW50ZXIs
IFJlbW90ZSBDb2RlDQpFeGVjdXRpb24NCg0KTk9USUNFOiBUaGUgaW5mb3JtYXRpb24g
aW4gdGhpcyBTZWN1cml0eSBCdWxsZXRpbiBzaG91bGQgYmUgYWN0ZWQgdXBvbiBhcw0K
c29vbiBhcyBwb3NzaWJsZS4NCg0KUmVsZWFzZSBEYXRlOiAyMDE3LTAzLTA3DQpMYXN0
IFVwZGF0ZWQ6IDIwMTctMDMtMDcNCg0KUG90ZW50aWFsIFNlY3VyaXR5IEltcGFjdDog
UmVtb3RlOiBDb2RlIEV4ZWN1dGlvbg0KDQpTb3VyY2U6IEhld2xldHQgUGFja2FyZCBF
bnRlcnByaXNlLCBQcm9kdWN0IFNlY3VyaXR5IFJlc3BvbnNlIFRlYW0NCg0KVlVMTkVS
QUJJTElUWSBTVU1NQVJZDQpBIHBvdGVudGlhbCBzZWN1cml0eSB2dWxuZXJhYmlsaXR5
IGhhcyBiZWVuIGlkZW50aWZpZWQgaW4gSFBFIExvYWRSdW5uZXIgYW5kDQpQZXJmb3Jt
YW5jZSBDZW50ZXIuIFRoaXMgdnVsbmVyYWJpbGl0eSBjb3VsZCBiZSByZW1vdGVseSBl
eHBsb2l0ZWQgdG8gYWxsb3cNCnJlbW90ZSBjb2RlIGV4ZWN1dGlvbi4NCg0KUmVmZXJl
bmNlczoNCg0KICAtIENWRS0yMDE3LTU3ODkgLSBSZW1vdGUgQ29kZSBFeGVjdXRpb24N
Cg0KU1VQUE9SVEVEIFNPRlRXQVJFIFZFUlNJT05TKjogT05MWSBpbXBhY3RlZCB2ZXJz
aW9ucyBhcmUgbGlzdGVkLg0KDQogIC0gSFBFIExvYWRSdW5uZXIgLSB2MTIuNTMuMCBh
bmQgZWFybGllcg0KICAtIEhQRSBQZXJmb3JtYW5jZSBDZW50ZXIgLSB2MTIuNTMuMCBh
bmQgZWFybGllcg0KDQpCQUNLR1JPVU5EDQoNCiAgQ1ZTUyBCYXNlIE1ldHJpY3MNCiAg
PT09PT09PT09PT09PT09PT0NCiAgUmVmZXJlbmNlLCBDVlNTIFYzIFNjb3JlL1ZlY3Rv
ciwgQ1ZTUyBWMiBTY29yZS9WZWN0b3INCg0KICAgIENWRS0yMDE3LTU3ODkNCiAgICAg
IDcuMyBDVlNTOjMuMC9BVjpOL0FDOkwvUFI6Ti9VSTpOL1M6VS9DOkwvSTpML0E6TA0K
ICAgICAgNi44IChBVjpOL0FDOk0vQXU6Ti9DOlAvSTpQL0E6UCkNCg0KICAgIEluZm9y
bWF0aW9uIG9uIENWU1MgaXMgZG9jdW1lbnRlZCBpbg0KICAgIEhQRSBDdXN0b21lciBO
b3RpY2UgSFBTTi0yMDA4LTAwMiBoZXJlOg0KDQpodHRwczovL2gyMDU2NC53d3cyLmhw
ZS5jb20vaHBzYy9kb2MvcHVibGljL2Rpc3BsYXk/ZG9jSWQ9ZW1yX25hLWMwMTM0NTQ5
OQ0KDQpIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSB0aGFua3MgVGVuYWJsZSBOZXR3
b3JrIFNlY3VyaXR5IHdvcmtpbmcgd2l0aCBUcmVuZA0KTWljcm8ncyBaZXJvIERheSBJ
bml0aWF0aXZlIChaREkpIGZvciByZXBvcnRpbmcgdGhpcyBpc3N1ZSB0bw0Kc2VjdXJp
dHktYWxlcnRAaHBlLmNvbQ0KDQpSRVNPTFVUSU9ODQoNCkhQRSBoYXMgcHJvdmlkZWQg
dGhlIGZvbGxvd2luZyBzb2Z0d2FyZSB1cGRhdGVzIHRvIHJlc29sdmUgdGhlIHZ1bG5l
cmFiaWxpdHkNCmluIHRoZSBpbXBhY3RlZCB2ZXJzaW9ucyBvZiBIUEUgTG9hZFJ1bm5l
ciBhbmQgUGVyZm9ybWFuY2UgQ2VudGVyLiANCg0KKipMb2FkUnVubmVyKiogLSBQbGVh
c2UgZG93bmxvYWQgYW5kIGluc3RhbGwgdjEyLjUzIFBhdGNoIDQgdXNpbmcgZm9sbG93
aW5nDQpsaW5rczoNCg0KKiBMb2FkUnVubmVyIEZ1bGw6DQo8aHR0cHM6Ly9zb2Z0d2Fy
ZXN1cHBvcnQuaHBlLmNvbS9ncm91cC9zb2Z0d2FyZXN1cHBvcnQvc2VhcmNoLXJlc3Vs
dC8tL2ZhY2V0cw0KYXJjaC9kb2N1bWVudC9MSUQvTFJfMDM2Mzk+DQoNCiogTG9hZCBH
ZW5lcmF0b3IgU0E6DQo8aHR0cHM6Ly9zb2Z0d2FyZXN1cHBvcnQuaHBlLmNvbS9ncm91
cC9zb2Z0d2FyZXN1cHBvcnQvc2VhcmNoLXJlc3VsdC8tL2ZhY2V0cw0KYXJjaC9kb2N1
bWVudC9MSUQvTFJMR18wMDEzMT4NCg0KKiBWdUdlbiBTQToNCjxodHRwczovL3NvZnR3
YXJlc3VwcG9ydC5ocGUuY29tL2dyb3VwL3NvZnR3YXJlc3VwcG9ydC9zZWFyY2gtcmVz
dWx0Ly0vZmFjZXRzDQphcmNoL2RvY3VtZW50L0xJRC9MUlZVR18wMDIxND4NCg0KKiBB
bmFseXNpcyBTQToNCjxodHRwczovL3NvZnR3YXJlc3VwcG9ydC5ocGUuY29tL2dyb3Vw
L3NvZnR3YXJlc3VwcG9ydC9zZWFyY2gtcmVzdWx0Ly0vZmFjZXRzDQphcmNoL2RvY3Vt
ZW50L0xJRC9MUkFOTFNZU18wMDExMD4NCg0KKiBUcnVDbGllbnQgU0E6DQo8aHR0cHM6
Ly9zb2Z0d2FyZXN1cHBvcnQuaHBlLmNvbS9ncm91cC9zb2Z0d2FyZXN1cHBvcnQvc2Vh
cmNoLXJlc3VsdC8tL2ZhY2V0cw0KYXJjaC9kb2N1bWVudC9MSUQvTFJUQ18wMDAwNT4N
Cg0KUmVsZWFzZSBub3RlcyBmb3IgdGhlIExvYWRSdW5uZXIgcGF0Y2ggaXMgYXZhaWxh
YmxlIGF0Og0KPGh0dHBzOi8vc29mdHdhcmVzdXBwb3J0LmhwZS5jb20vZ3JvdXAvc29m
dHdhcmVzdXBwb3J0L3NlYXJjaC1yZXN1bHQvLS9mYWNldHMNCmFyY2gvZG9jdW1lbnQv
S00wMjY4ODU4OT4NCg0KKipQZXJmb3JtYW5jZSBDZW50ZXIqKiAtIFBsZWFzZSBkb3du
bG9hZCBhbmQgaW5zdGFsbCB2MTIuNTMgUGF0Y2ggNCB1c2luZw0KZm9sbG93aW5nIGxp
bms6DQoNCiogUGVyZm9ybWFuY2UgQ2VudGVyIFNlcnZlciBhbmQgSG9zdDoNCjxodHRw
czovL3NvZnR3YXJlc3VwcG9ydC5ocGUuY29tL2dyb3VwL3NvZnR3YXJlc3VwcG9ydC9z
ZWFyY2gtcmVzdWx0Ly0vZmFjZXRzDQphcmNoL2RvY3VtZW50L0xJRC9QQ18wMDMxMj4N
Cg0KUmVsZWFzZSBub3RlcyBmb3IgdGhlIFBlcmZvcm1hbmNlIENlbnRlciBwYXRjaCBp
cyBhdmFpbGFibGUgYXQ6DQo8aHR0cHM6Ly9zb2Z0d2FyZXN1cHBvcnQuaHBlLmNvbS9n
cm91cC9zb2Z0d2FyZXN1cHBvcnQvc2VhcmNoLXJlc3VsdC8tL2ZhY2V0cw0KYXJjaC9k
b2N1bWVudC9LTTAyNjkwNzg5Pg0KDQpISVNUT1JZDQpWZXJzaW9uOjEgKHJldi4xKSAt
IDcgTWFyY2ggMjAxNyBJbml0aWFsIHJlbGVhc2UNCg0KVGhpcmQgUGFydHkgU2VjdXJp
dHkgUGF0Y2hlczogVGhpcmQgcGFydHkgc2VjdXJpdHkgcGF0Y2hlcyB0aGF0IGFyZSB0
byBiZQ0KaW5zdGFsbGVkIG9uIHN5c3RlbXMgcnVubmluZyBIZXdsZXR0IFBhY2thcmQg
RW50ZXJwcmlzZSAoSFBFKSBzb2Z0d2FyZQ0KcHJvZHVjdHMgc2hvdWxkIGJlIGFwcGxp
ZWQgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBjdXN0b21lcidzIHBhdGNoIG1hbmFnZW1l
bnQNCnBvbGljeS4NCg0KU3VwcG9ydDogRm9yIGlzc3VlcyBhYm91dCBpbXBsZW1lbnRp
bmcgdGhlIHJlY29tbWVuZGF0aW9ucyBvZiB0aGlzIFNlY3VyaXR5DQpCdWxsZXRpbiwg
Y29udGFjdCBub3JtYWwgSFBFIFNlcnZpY2VzIHN1cHBvcnQgY2hhbm5lbC4gRm9yIG90
aGVyIGlzc3VlcyBhYm91dA0KdGhlIGNvbnRlbnQgb2YgdGhpcyBTZWN1cml0eSBCdWxs
ZXRpbiwgc2VuZCBlLW1haWwgdG8gc2VjdXJpdHktYWxlcnRAaHBlLmNvbS4NCg0KUmVw
b3J0OiBUbyByZXBvcnQgYSBwb3RlbnRpYWwgc2VjdXJpdHkgdnVsbmVyYWJpbGl0eSBm
b3IgYW55IEhQRSBzdXBwb3J0ZWQNCnByb2R1Y3Q6DQogIFdlYiBmb3JtOiBodHRwczov
L3d3dy5ocGUuY29tL2luZm8vcmVwb3J0LXNlY3VyaXR5LXZ1bG5lcmFiaWxpdHkNCiAg
RW1haWw6IHNlY3VyaXR5LWFsZXJ0QGhwZS5jb20NCg0KU3Vic2NyaWJlOiBUbyBpbml0
aWF0ZSBhIHN1YnNjcmlwdGlvbiB0byByZWNlaXZlIGZ1dHVyZSBIUEUgU2VjdXJpdHkg
QnVsbGV0aW4NCmFsZXJ0cyB2aWEgRW1haWw6IGh0dHA6Ly93d3cuaHBlLmNvbS9zdXBw
b3J0L1N1YnNjcmliZXJfQ2hvaWNlDQoNClNlY3VyaXR5IEJ1bGxldGluIEFyY2hpdmU6
IEEgbGlzdCBvZiByZWNlbnRseSByZWxlYXNlZCBTZWN1cml0eSBCdWxsZXRpbnMgaXMN
CmF2YWlsYWJsZSBoZXJlOiBodHRwOi8vd3d3LmhwZS5jb20vc3VwcG9ydC9TZWN1cml0
eV9CdWxsZXRpbl9BcmNoaXZlDQoNClNvZnR3YXJlIFByb2R1Y3QgQ2F0ZWdvcnk6IFRo
ZSBTb2Z0d2FyZSBQcm9kdWN0IENhdGVnb3J5IGlzIHJlcHJlc2VudGVkIGluDQp0aGUg
dGl0bGUgYnkgdGhlIHR3byBjaGFyYWN0ZXJzIGZvbGxvd2luZyBIUFNCLg0KDQozQyA9
IDNDT00NCjNQID0gM3JkIFBhcnR5IFNvZnR3YXJlDQpHTiA9IEhQRSBHZW5lcmFsIFNv
ZnR3YXJlDQpIRiA9IEhQRSBIYXJkd2FyZSBhbmQgRmlybXdhcmUNCk1VID0gTXVsdGkt
UGxhdGZvcm0gU29mdHdhcmUNCk5TID0gTm9uU3RvcCBTZXJ2ZXJzDQpPViA9IE9wZW5W
TVMNClBWID0gUHJvQ3VydmUNClNUID0gU3RvcmFnZSBTb2Z0d2FyZQ0KVVggPSBIUC1V
WA0KDQpDb3B5cmlnaHQgMjAxNiBIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZQ0KDQpI
ZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSBzaGFsbCBub3QgYmUgbGlhYmxlIGZvciB0
ZWNobmljYWwgb3IgZWRpdG9yaWFsDQplcnJvcnMgb3Igb21pc3Npb25zIGNvbnRhaW5l
ZCBoZXJlaW4uIFRoZSBpbmZvcm1hdGlvbiBwcm92aWRlZCBpcyBwcm92aWRlZA0KImFz
IGlzIiB3aXRob3V0IHdhcnJhbnR5IG9mIGFueSBraW5kLiBUbyB0aGUgZXh0ZW50IHBl
cm1pdHRlZCBieSBsYXcsIG5laXRoZXINCkhQIG9yIGl0cyBhZmZpbGlhdGVzLCBzdWJj
b250cmFjdG9ycyBvciBzdXBwbGllcnMgd2lsbCBiZSBsaWFibGUgZm9yDQppbmNpZGVu
dGFsLHNwZWNpYWwgb3IgY29uc2VxdWVudGlhbCBkYW1hZ2VzIGluY2x1ZGluZyBkb3du
dGltZSBjb3N0OyBsb3N0DQpwcm9maXRzOyBkYW1hZ2VzIHJlbGF0aW5nIHRvIHRoZSBw
cm9jdXJlbWVudCBvZiBzdWJzdGl0dXRlIHByb2R1Y3RzIG9yDQpzZXJ2aWNlczsgb3Ig
ZGFtYWdlcyBmb3IgbG9zcyBvZiBkYXRhLCBvciBzb2Z0d2FyZSByZXN0b3JhdGlvbi4g
VGhlDQppbmZvcm1hdGlvbiBpbiB0aGlzIGRvY3VtZW50IGlzIHN1YmplY3QgdG8gY2hh
bmdlIHdpdGhvdXQgbm90aWNlLiBIZXdsZXR0DQpQYWNrYXJkIEVudGVycHJpc2UgYW5k
IHRoZSBuYW1lcyBvZiBIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSBwcm9kdWN0cw0K
cmVmZXJlbmNlZCBoZXJlaW4gYXJlIHRyYWRlbWFya3Mgb2YgSGV3bGV0dCBQYWNrYXJk
IEVudGVycHJpc2UgaW4gdGhlIFVuaXRlZA0KU3RhdGVzIGFuZCBvdGhlciBjb3VudHJp
ZXMuIE90aGVyIHByb2R1Y3QgYW5kIGNvbXBhbnkgbmFtZXMgbWVudGlvbmVkIGhlcmVp
bg0KbWF5IGJlIHRyYWRlbWFya3Mgb2YgdGhlaXIgcmVzcGVjdGl2ZSBvd25lcnMuDQot
LS0tLUJFR0lOIFBHUCBTSUdOQVRVUkUtLS0tLQpWZXJzaW9uOiBHbnVQRyB2MQoKaVFF
Y0JBRUJDQUFHQlFKWXZ5U1VBQW9KRUxYaEF4dDdTWmFpMnI0SCt3U29oV2JkV1pmWSsx
R1ZoaFhjSmhvSQo5UHJna2NvVzZCbzJ0Skk4SkN2ZUFLcnBKV3F6WGh4Nzd6UGI5NEJm
OEVSM0t5VWlGVE9oeC96NUt2MmNXMmEzCk1zd2tyaUxhTXppMUc4Y2lobG10cW1UUkZm
ck5uNUFKWlNPUEtSMTJpdVJncFVFbmt4VGYzNzI3U0tycDI1dXYKMVpEOHhYaWdyRWlG
M2k1S25YUjRVSkd6djhMWmpjd3Y1Q2xPMTNTeXNSOG9UQmEwVVRLSXJ2TjlzNndreUlF
WApjTVY5QldGa252dUM0TmgybG82dVhXcVQ1bWM4VXI1WjFYTU1iUDlBZFZzcWQ0TzFS
QzcwQlhCREo3ZnZnNnFiCjBUc25ueHlVaTQwWnFDM0R4cEZnT2R4ZTB2ZVdaNDF3SXBW
eXBneW9ENzhRVmkyQWJHUkRBVjZsMFI3NXpnZz0KPVZqYloKLS0tLS1FTkQgUEdQIFNJ
R05BVFVSRS0tLS0tCg==