[security bulletin] HPESBHF03714 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Local Arbitrary File Download

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v
dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp
cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj
L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzE0ZW5fdXMN
Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j
dW1lbnQgSUQ6IGhwZXNiaGYwMzcxNGVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw
MzcxNCByZXYuMSAtIEhQRSBJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENlbnRlciAoSU1D
KSBQTEFULCBMb2NhbA0KQXJiaXRyYXJ5IEZpbGUgRG93bmxvYWQNCg0KTk9USUNFOiBU
aGUgaW5mb3JtYXRpb24gaW4gdGhpcyBTZWN1cml0eSBCdWxsZXRpbiBzaG91bGQgYmUg
YWN0ZWQgdXBvbiBhcw0Kc29vbiBhcyBwb3NzaWJsZS4NCg0KUmVsZWFzZSBEYXRlOiAy
MDE3LTAzLTA4DQpMYXN0IFVwZGF0ZWQ6IDIwMTctMDMtMDgNCg0KUG90ZW50aWFsIFNl
Y3VyaXR5IEltcGFjdDogTG9jYWw6IEFyYml0cmFyeSBGaWxlIERvd25sb2FkDQoNClNv
dXJjZTogSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UsIFByb2R1Y3QgU2VjdXJpdHkg
UmVzcG9uc2UgVGVhbQ0KDQpWVUxORVJBQklMSVRZIFNVTU1BUlkNCkEgcG90ZW50aWFs
IHNlY3VyaXR5IHZ1bG5lcmFiaWxpdHkgaGFzIGJlZW4gaWRlbnRpZmllZCBpbiBIUEUg
SW50ZWxsaWdlbnQNCk1hbmFnZW1lbnQgQ2VudGVyIChJTUMpIFBMQVQgdGhhdCBjb3Vs
ZCBiZSByZW1vdGVseSBleHBsb2l0ZWQgdG8gYWxsb3cgdGhlDQphcmJpdHJhcnkgcmVh
ZGluZyBvZiBmaWxlcyB3aXRob3V0IGF1dGhlbnRpY2F0aW9uIG9yIGF1dGhvcml6YXRp
b24uDQoNClJlZmVyZW5jZXM6DQoNCiAgLSBDVkUtMjAxNy01Nzk1DQoNClNVUFBPUlRF
RCBTT0ZUV0FSRSBWRVJTSU9OUyo6IE9OTFkgaW1wYWN0ZWQgdmVyc2lvbnMgYXJlIGxp
c3RlZC4NCg0KICAtIEhQRSBJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENlbnRlciAoaU1D
KSBpTUMgUExBVCA3LjIgRTA0MDNQMDYNCg0KQkFDS0dST1VORA0KDQogIENWU1MgQmFz
ZSBNZXRyaWNzDQogID09PT09PT09PT09PT09PT09DQogIFJlZmVyZW5jZSwgQ1ZTUyBW
MyBTY29yZS9WZWN0b3IsIENWU1MgVjIgU2NvcmUvVmVjdG9yDQoNCiAgICBDVkUtMjAx
Ny01Nzk1DQogICAgICA2LjUgQ1ZTUzozLjAvQVY6Ti9BQzpML1BSOk4vVUk6Ui9TOlUv
QzpIL0k6Ti9BOk4NCiAgICAgIDYuOCAoQVY6Ti9BQzpML0F1OlMvQzpDL0k6Ti9BOk4p
DQoNCiAgICBJbmZvcm1hdGlvbiBvbiBDVlNTIGlzIGRvY3VtZW50ZWQgaW4NCiAgICBI
UEUgQ3VzdG9tZXIgTm90aWNlIEhQU04tMjAwOC0wMDIgaGVyZToNCg0KaHR0cHM6Ly9o
MjA1NjQud3d3Mi5ocGUuY29tL2hwc2MvZG9jL3B1YmxpYy9kaXNwbGF5P2RvY0lkPWVt
cl9uYS1jMDEzNDU0OTkNCg0KSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgdGhhbmtz
IHJnb2QsICB3b3JraW5nIHdpdGggVHJlbmQgTWljcm8ncyBaZXJvIERheQ0KSW5pdGlh
dGl2ZSBmb3IgcmVwb3J0aW5nIHRoaXMgaXNzdWUuDQoNClJFU09MVVRJT04NCg0KSFBF
IGhhcyBtYWRlIHRoZSBmb2xsb3dpbmcgc29mdHdhcmUgdXBkYXRlcyB0byByZXNvbHZl
IHRoZSB2dWxuZXJhYmlsaXR5IGluDQpJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENlbnRl
ciAoSU1DKSBQTEFUIDcuMiBFMDQwM1AwNi4gDQoNCiArICoqaU1DIFBMQVQgLSBWZXJz
aW9uOiBGaXhlZCBpbiBJTUMgUExBVCA3LjMgRTA1MDRQMDIqKg0KICAgICogSFAgTmV0
d29yayBQcm9kdWN0cw0KICAgICAgLSBKRDEyNUEgIEhQIElNQyBTdGQgUy9XIFBsYXRm
b3JtIHcvMTAwLW5vZGUNCiAgICAgIC0gSkQxMjZBICBIUCBJTUMgRW50IFMvVyBQbGF0
Zm9ybSB3LzEwMC1ub2RlDQogICAgICAtIEpEODA4QSAgSFAgSU1DIEVudCBQbGF0Zm9y
bSB3LzEwMC1ub2RlIExpY2Vuc2UNCiAgICAgIC0gSkQ4MTRBICAgSFAgQS1JTUMgRW50
ZXJwcmlzZSBFZGl0aW9uIFNvZnR3YXJlIERWRCBNZWRpYQ0KICAgICAgLSBKRDgxNUEg
IEhQIElNQyBTdGQgUGxhdGZvcm0gdy8xMDAtbm9kZSBMaWNlbnNlDQogICAgICAtIEpE
ODE2QSAgSFAgQS1JTUMgU3RhbmRhcmQgRWRpdGlvbiBTb2Z0d2FyZSBEVkQgTWVkaWEN
CiAgICAgIC0gSkYyODhBQUUgIEhQIE5ldHdvcmsgRGlyZWN0b3IgdG8gSW50ZWxsaWdl
bnQgTWFuYWdlbWVudCBDZW50ZXINClVwZ3JhZGUgRS1MVFUNCiAgICAgIC0gSkYyODlB
QUUgIEhQIEVudGVycHJpc2UgTWFuYWdlbWVudCBTeXN0ZW0gdG8gSW50ZWxsaWdlbnQg
TWFuYWdlbWVudA0KQ2VudGVyIFVwZ3JhZGUgRS1MVFUNCiAgICAgIC0gSkYzNzdBICBI
UCBJTUMgU3RkIFMvVyBQbGF0Zm9ybSB3LzEwMC1ub2RlIExpYw0KICAgICAgLSBKRjM3
N0FBRSAgSFAgSU1DIFN0ZCBTL1cgUGx0ZnJtIHcvMTAwLW5vZGUgRS1MVFUNCiAgICAg
IC0gSkYzNzhBICBIUCBJTUMgRW50IFMvVyBQbGF0Zm9ybSB3LzIwMC1ub2RlIExpYw0K
ICAgICAgLSBKRjM3OEFBRSAgSFAgSU1DIEVudCBTL1cgUGx0ZnJtIHcvMjAwLW5vZGUg
RS1MVFUNCiAgICAgIC0gSkc1NDZBQUUgIEhQIElNQyBCYXNpYyBTVyBQbGF0Zm9ybSB3
LzUwLW5vZGUgRS1MVFUNCiAgICAgIC0gSkc1NDhBQUUgIEhQIFBDTSsgdG8gSU1DIEJz
YyBVcGdyIHcvNTAtbm9kZSBFLUxUVQ0KICAgICAgLSBKRzU0OUFBRSAgSFAgUENNKyB0
byBJTUMgU3RkIFVwZ3Igdy8yMDAtbm9kZSBFLUxUVQ0KICAgICAgLSBKRzc0N0FBRSAg
SFAgSU1DIFN0ZCBTVyBQbGF0IHcvIDUwIE5vZGVzIEUtTFRVDQogICAgICAtIEpHNzQ4
QUFFICBIUCBJTUMgRW50IFNXIFBsYXQgdy8gNTAgTm9kZXMgRS1MVFUNCiAgICAgIC0g
Skc3NjhBQUUgIEhQIFBDTSsgdG8gSU1DIFN0ZCBVcGcgdy8gMjAwLW5vZGUgRS1MVFUN
CiAgICAgIC0gSkc1NTBBQUUgSFBFIFBDTSsgTW9iaWxpdHkgTWFuYWdlciB0byBJTUMg
QmFzaWMgV0xBTiBQbGF0Zm9ybSBVcGdyYWRlDQo1MC1ub2RlIGFuZCAxNTAtQVAgRS1M
VFUNCiAgICAgIC0gSkc1OTBBQUUgSFBFIElNQyBCYXNpYyBXTEFOIE1hbmFnZXIgU29m
dHdhcmUgUGxhdGZvcm0gNTAgQWNjZXNzIFBvaW50DQpFLUxUVQ0KICAgICAgLSBKRzY2
MEFBRSBIUCBJTUMgU21hcnQgQ29ubmVjdCB3aXRoIFdpcmVsZXNzIE1hbmFnZXIgVmly
dHVhbCBBcHBsaWFuY2UNCkVkaXRpb24gRS1MVFUNCiAgICAgIC0gSkc3NjZBQUUgSFAg
SU1DIFNtYXJ0IENvbm5lY3QgVmlydHVhbCBBcHBsaWFuY2UgRWRpdGlvbiBFLUxUVQ0K
ICAgICAgLSBKRzc2N0FBRSBIUCBJTUMgU21hcnQgQ29ubmVjdCB3aXRoIFdpcmVsZXNz
IE1hbmFnZXIgVmlydHVhbCBBcHBsaWFuY2UNCkVkaXRpb24gRS1MVFUNCiAgICAgIC0g
Skc3NjhBQUUgSFBFIFBDTSsgdG8gSU1DIFN0YW5kYXJkIFNvZnR3YXJlIFBsYXRmb3Jt
IFVwZ3JhZGUgd2l0aA0KMjAwLW5vZGUgRS1MVFUNCiAgICAgIC0gSkg3MDRBQUUgIEFy
dWJhIElNQyBTdGQgU1cgUGxhdCB3LzUwLW5vZGUgRS1MVFUNCiAgICAgIC0gSkg3MDVB
QUUgIEFydWJhIElNQyBFbnQgU1cgUGxhdCB3LzUwLW5vZGUgRS1MVFUNCiAgICAgIA0K
ICoqTm90ZToqKiBQbGVhc2UgY29udGFjdCBIUEUgVGVjaG5pY2FsIFN1cHBvcnQgaWYg
YW55IGFzc2lzdGFuY2UgaXMgbmVlZGVkDQphY3F1aXJpbmcgdGhlIHNvZnR3YXJlIHVw
ZGF0ZXMuDQoNCkhJU1RPUlkNClZlcnNpb246MSAocmV2LjEpIC0gOCBNYXJjaCAyMDE3
IEluaXRpYWwgcmVsZWFzZQ0KDQpUaGlyZCBQYXJ0eSBTZWN1cml0eSBQYXRjaGVzOiBU
aGlyZCBwYXJ0eSBzZWN1cml0eSBwYXRjaGVzIHRoYXQgYXJlIHRvIGJlDQppbnN0YWxs
ZWQgb24gc3lzdGVtcyBydW5uaW5nIEhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlIChI
UEUpIHNvZnR3YXJlDQpwcm9kdWN0cyBzaG91bGQgYmUgYXBwbGllZCBpbiBhY2NvcmRh
bmNlIHdpdGggdGhlIGN1c3RvbWVyJ3MgcGF0Y2ggbWFuYWdlbWVudA0KcG9saWN5Lg0K
DQpTdXBwb3J0OiBGb3IgaXNzdWVzIGFib3V0IGltcGxlbWVudGluZyB0aGUgcmVjb21t
ZW5kYXRpb25zIG9mIHRoaXMgU2VjdXJpdHkNCkJ1bGxldGluLCBjb250YWN0IG5vcm1h
bCBIUEUgU2VydmljZXMgc3VwcG9ydCBjaGFubmVsLiBGb3Igb3RoZXIgaXNzdWVzIGFi
b3V0DQp0aGUgY29udGVudCBvZiB0aGlzIFNlY3VyaXR5IEJ1bGxldGluLCBzZW5kIGUt
bWFpbCB0byBzZWN1cml0eS1hbGVydEBocGUuY29tLg0KDQpSZXBvcnQ6IFRvIHJlcG9y
dCBhIHBvdGVudGlhbCBzZWN1cml0eSB2dWxuZXJhYmlsaXR5IGZvciBhbnkgSFBFIHN1
cHBvcnRlZA0KcHJvZHVjdDoNCiAgV2ViIGZvcm06IGh0dHBzOi8vd3d3LmhwZS5jb20v
aW5mby9yZXBvcnQtc2VjdXJpdHktdnVsbmVyYWJpbGl0eQ0KICBFbWFpbDogc2VjdXJp
dHktYWxlcnRAaHBlLmNvbQ0KDQpTdWJzY3JpYmU6IFRvIGluaXRpYXRlIGEgc3Vic2Ny
aXB0aW9uIHRvIHJlY2VpdmUgZnV0dXJlIEhQRSBTZWN1cml0eSBCdWxsZXRpbg0KYWxl
cnRzIHZpYSBFbWFpbDogaHR0cDovL3d3dy5ocGUuY29tL3N1cHBvcnQvU3Vic2NyaWJl
cl9DaG9pY2UNCg0KU2VjdXJpdHkgQnVsbGV0aW4gQXJjaGl2ZTogQSBsaXN0IG9mIHJl
Y2VudGx5IHJlbGVhc2VkIFNlY3VyaXR5IEJ1bGxldGlucyBpcw0KYXZhaWxhYmxlIGhl
cmU6IGh0dHA6Ly93d3cuaHBlLmNvbS9zdXBwb3J0L1NlY3VyaXR5X0J1bGxldGluX0Fy
Y2hpdmUNCg0KU29mdHdhcmUgUHJvZHVjdCBDYXRlZ29yeTogVGhlIFNvZnR3YXJlIFBy
b2R1Y3QgQ2F0ZWdvcnkgaXMgcmVwcmVzZW50ZWQgaW4NCnRoZSB0aXRsZSBieSB0aGUg
dHdvIGNoYXJhY3RlcnMgZm9sbG93aW5nIEhQU0IuDQoNCjNDID0gM0NPTQ0KM1AgPSAz
cmQgUGFydHkgU29mdHdhcmUNCkdOID0gSFBFIEdlbmVyYWwgU29mdHdhcmUNCkhGID0g
SFBFIEhhcmR3YXJlIGFuZCBGaXJtd2FyZQ0KTVUgPSBNdWx0aS1QbGF0Zm9ybSBTb2Z0
d2FyZQ0KTlMgPSBOb25TdG9wIFNlcnZlcnMNCk9WID0gT3BlblZNUw0KUFYgPSBQcm9D
dXJ2ZQ0KU1QgPSBTdG9yYWdlIFNvZnR3YXJlDQpVWCA9IEhQLVVYDQoNCkNvcHlyaWdo
dCAyMDE2IEhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlDQoNCkhld2xldHQgUGFja2Fy
ZCBFbnRlcnByaXNlIHNoYWxsIG5vdCBiZSBsaWFibGUgZm9yIHRlY2huaWNhbCBvciBl
ZGl0b3JpYWwNCmVycm9ycyBvciBvbWlzc2lvbnMgY29udGFpbmVkIGhlcmVpbi4gVGhl
IGluZm9ybWF0aW9uIHByb3ZpZGVkIGlzIHByb3ZpZGVkDQoiYXMgaXMiIHdpdGhvdXQg
d2FycmFudHkgb2YgYW55IGtpbmQuIFRvIHRoZSBleHRlbnQgcGVybWl0dGVkIGJ5IGxh
dywgbmVpdGhlcg0KSFAgb3IgaXRzIGFmZmlsaWF0ZXMsIHN1YmNvbnRyYWN0b3JzIG9y
IHN1cHBsaWVycyB3aWxsIGJlIGxpYWJsZSBmb3INCmluY2lkZW50YWwsc3BlY2lhbCBv
ciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgaW5jbHVkaW5nIGRvd250aW1lIGNvc3Q7IGxv
c3QNCnByb2ZpdHM7IGRhbWFnZXMgcmVsYXRpbmcgdG8gdGhlIHByb2N1cmVtZW50IG9m
IHN1YnN0aXR1dGUgcHJvZHVjdHMgb3INCnNlcnZpY2VzOyBvciBkYW1hZ2VzIGZvciBs
b3NzIG9mIGRhdGEsIG9yIHNvZnR3YXJlIHJlc3RvcmF0aW9uLiBUaGUNCmluZm9ybWF0
aW9uIGluIHRoaXMgZG9jdW1lbnQgaXMgc3ViamVjdCB0byBjaGFuZ2Ugd2l0aG91dCBu
b3RpY2UuIEhld2xldHQNClBhY2thcmQgRW50ZXJwcmlzZSBhbmQgdGhlIG5hbWVzIG9m
IEhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlIHByb2R1Y3RzDQpyZWZlcmVuY2VkIGhl
cmVpbiBhcmUgdHJhZGVtYXJrcyBvZiBIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSBp
biB0aGUgVW5pdGVkDQpTdGF0ZXMgYW5kIG90aGVyIGNvdW50cmllcy4gT3RoZXIgcHJv
ZHVjdCBhbmQgY29tcGFueSBuYW1lcyBtZW50aW9uZWQgaGVyZWluDQptYXkgYmUgdHJh
ZGVtYXJrcyBvZiB0aGVpciByZXNwZWN0aXZlIG93bmVycy4NCi0tLS0tQkVHSU4gUEdQ
IFNJR05BVFVSRS0tLS0tClZlcnNpb246IEdudVBHIHYxCgppUUVjQkFFQkNBQUdCUUpZ
d0VISUFBb0pFTFhoQXh0N1NaYWlYN1lJQUlFZktDZGszcTZMaGs3R3pNVkgvVVUwClY5
TFdWLzVCUjFiblNnYWVIaHJEU3ZZUmIyYVZQcTRJTnFXdFQvenNBa2taa2VPb0dIaGNZ
dmRjZUhqUTFnS0UKYjB6anY1dnVBc3VYM2swZEd4U0pKSm5LVjYxVi9ZTDZaS1JKWU5T
YTRETzVzd0JGTXNtanFtZGhJSDkvQ0trdAp3blFsUWh2L29XVWNPMzQ4dE9YVDR6b3Zh
amtDQmFES2lCL0d0NWlGR3h4SDZMUXFORTBCSlVNSGFjRktRdWFIClRsQ3cwVXdNVXk0
dUorQXBSdzN2U0g5ejg2SnB0bEpUTkdWQUVsOWU2MTE1UDZiQS9wZG9wVWNTRUdKMGdu
dFMKQ2NaZ0J5Yy9ScmZBUVdhSjNuUWFlY0hOTjk2eHFYY3ZHNFlUSXZ5anZ5SjNuRXdF
clpEcFUrRXlsdUV0SDlRPQo9THc4MwotLS0tLUVORCBQR1AgU0lHTkFUVVJFLS0tLS0K