[security bulletin] HPESBGN03721 rev.1 - HPE Operations Bridge Analytics, Remote Cross-Site Scripting (XSS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v
dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp
cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj
L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzIxZW5fdXMN
Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j
dW1lbnQgSUQ6IGhwZXNiZ24wMzcyMWVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w
MzcyMSByZXYuMSAtIEhQRSBPcGVyYXRpb25zIEJyaWRnZSBBbmFseXRpY3MsIFJlbW90
ZSBDcm9zcy1TaXRlDQpTY3JpcHRpbmcgKFhTUykNCg0KTk9USUNFOiBUaGUgaW5mb3Jt
YXRpb24gaW4gdGhpcyBTZWN1cml0eSBCdWxsZXRpbiBzaG91bGQgYmUgYWN0ZWQgdXBv
biBhcw0Kc29vbiBhcyBwb3NzaWJsZS4NCg0KUmVsZWFzZSBEYXRlOiAyMDE3LTAzLTMx
DQpMYXN0IFVwZGF0ZWQ6IDIwMTctMDMtMzENCg0KUG90ZW50aWFsIFNlY3VyaXR5IElt
cGFjdDogUmVtb3RlOiBDcm9zcy1TaXRlIFNjcmlwdGluZyAoWFNTKQ0KDQpTb3VyY2U6
IEhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlLCBQcm9kdWN0IFNlY3VyaXR5IFJlc3Bv
bnNlIFRlYW0NCg0KVlVMTkVSQUJJTElUWSBTVU1NQVJZDQpBIHBvdGVudGlhbCB2dWxu
ZXJhYmlsaXR5IGhhcyBiZWVuIGlkZW50aWZpZWQgaW4gSFBFIE9wZXJhdGlvbnMgQnJp
ZGdlDQpBbmFseXRpY3MuIFRoZSB2dWxuZXJhYmlsaXR5IGNvdWxkIGJlIGV4cGxvaXRl
ZCB0byBhbGxvdyByZW1vdGUgY3Jvc3Mtc2l0ZQ0Kc2NyaXB0aW5nIChYU1MpLg0KDQpS
ZWZlcmVuY2VzOg0KDQogIC0gQ1ZFLTIwMTctNTgwMCAtIFJlbW90ZSBDcm9zcy1TaXRl
IFNjcmlwdGluZyAoWFNTKQ0KDQpTVVBQT1JURUQgU09GVFdBUkUgVkVSU0lPTlMqOiBP
TkxZIGltcGFjdGVkIHZlcnNpb25zIGFyZSBsaXN0ZWQuDQoNCiAgLSBIUCBPcGVyYXRp
b25zIEFuYWx5dGljcyBTb2Z0d2FyZSAtICBPcGVyYXRpb25zIEJyaWRnZSBBbmFseXRp
Y3MgdjMuMA0KDQpCQUNLR1JPVU5EDQoNCiAgQ1ZTUyBCYXNlIE1ldHJpY3MNCiAgPT09
PT09PT09PT09PT09PT0NCiAgUmVmZXJlbmNlLCBDVlNTIFYzIFNjb3JlL1ZlY3Rvciwg
Q1ZTUyBWMiBTY29yZS9WZWN0b3INCg0KICAgIENWRS0yMDE3LTU4MDANCiAgICAgIDYu
NCBDVlNTOjMuMC9BVjpOL0FDOkgvUFI6TC9VSTpOL1M6VS9DOkwvSTpIL0E6TA0KICAg
ICAgNi4xIChBVjpOL0FDOkgvQXU6Uy9DOlAvSTpDL0E6UCkNCg0KICAgIEluZm9ybWF0
aW9uIG9uIENWU1MgaXMgZG9jdW1lbnRlZCBpbg0KICAgIEhQRSBDdXN0b21lciBOb3Rp
Y2UgSFBTTi0yMDA4LTAwMiBoZXJlOg0KDQpodHRwczovL2gyMDU2NC53d3cyLmhwZS5j
b20vaHBzYy9kb2MvcHVibGljL2Rpc3BsYXk/ZG9jSWQ9ZW1yX25hLWMwMTM0NTQ5OQ0K
DQpSRVNPTFVUSU9ODQoNCkhQRSBoYXMgcHJvdmlkZWQgdGhlIGZvbGxvd2luZyBzb2Z0
d2FyZSB1cGRhdGUgdG8gcmVzb2x2ZSB0aGlzIHZ1bG5lcmFiaWxpdHkNCmluIHRoZSBp
bXBhY3RlZCB2ZXJzaW9uIG9mIE9wZXJhdGlvbnMgQW5hbHl0aWNzLiANCg0KKiBPcGVy
YXRpb25zIEFuYWx5dGljcyAzLjAgSVAxOg0KPGh0dHBzOi8vc29mdHdhcmVzdXBwb3J0
LmhwZS5jb20vZ3JvdXAvc29mdHdhcmVzdXBwb3J0L3NlYXJjaC1yZXN1bHQ/bGFuZz1l
biYNCmM9dXMmaHBhcHBpZD0yMDIzOTJfU1NPX1BST19IUEU+DQoNCkhJU1RPUlkNClZl
cnNpb246MSAocmV2LjEpIC0gMzEgTWFyY2ggMjAxNyBJbml0aWFsIHJlbGVhc2UNCg0K
VGhpcmQgUGFydHkgU2VjdXJpdHkgUGF0Y2hlczogVGhpcmQgcGFydHkgc2VjdXJpdHkg
cGF0Y2hlcyB0aGF0IGFyZSB0byBiZQ0KaW5zdGFsbGVkIG9uIHN5c3RlbXMgcnVubmlu
ZyBIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSAoSFBFKSBzb2Z0d2FyZQ0KcHJvZHVj
dHMgc2hvdWxkIGJlIGFwcGxpZWQgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBjdXN0b21l
cidzIHBhdGNoIG1hbmFnZW1lbnQNCnBvbGljeS4NCg0KU3VwcG9ydDogRm9yIGlzc3Vl
cyBhYm91dCBpbXBsZW1lbnRpbmcgdGhlIHJlY29tbWVuZGF0aW9ucyBvZiB0aGlzIFNl
Y3VyaXR5DQpCdWxsZXRpbiwgY29udGFjdCBub3JtYWwgSFBFIFNlcnZpY2VzIHN1cHBv
cnQgY2hhbm5lbC4gRm9yIG90aGVyIGlzc3VlcyBhYm91dA0KdGhlIGNvbnRlbnQgb2Yg
dGhpcyBTZWN1cml0eSBCdWxsZXRpbiwgc2VuZCBlLW1haWwgdG8gc2VjdXJpdHktYWxl
cnRAaHBlLmNvbS4NCg0KUmVwb3J0OiBUbyByZXBvcnQgYSBwb3RlbnRpYWwgc2VjdXJp
dHkgdnVsbmVyYWJpbGl0eSBmb3IgYW55IEhQRSBzdXBwb3J0ZWQNCnByb2R1Y3Q6DQog
IFdlYiBmb3JtOiBodHRwczovL3d3dy5ocGUuY29tL2luZm8vcmVwb3J0LXNlY3VyaXR5
LXZ1bG5lcmFiaWxpdHkNCiAgRW1haWw6IHNlY3VyaXR5LWFsZXJ0QGhwZS5jb20NCg0K
U3Vic2NyaWJlOiBUbyBpbml0aWF0ZSBhIHN1YnNjcmlwdGlvbiB0byByZWNlaXZlIGZ1
dHVyZSBIUEUgU2VjdXJpdHkgQnVsbGV0aW4NCmFsZXJ0cyB2aWEgRW1haWw6IGh0dHA6
Ly93d3cuaHBlLmNvbS9zdXBwb3J0L1N1YnNjcmliZXJfQ2hvaWNlDQoNClNlY3VyaXR5
IEJ1bGxldGluIEFyY2hpdmU6IEEgbGlzdCBvZiByZWNlbnRseSByZWxlYXNlZCBTZWN1
cml0eSBCdWxsZXRpbnMgaXMNCmF2YWlsYWJsZSBoZXJlOiBodHRwOi8vd3d3LmhwZS5j
b20vc3VwcG9ydC9TZWN1cml0eV9CdWxsZXRpbl9BcmNoaXZlDQoNClNvZnR3YXJlIFBy
b2R1Y3QgQ2F0ZWdvcnk6IFRoZSBTb2Z0d2FyZSBQcm9kdWN0IENhdGVnb3J5IGlzIHJl
cHJlc2VudGVkIGluDQp0aGUgdGl0bGUgYnkgdGhlIHR3byBjaGFyYWN0ZXJzIGZvbGxv
d2luZyBIUFNCLg0KDQozQyA9IDNDT00NCjNQID0gM3JkIFBhcnR5IFNvZnR3YXJlDQpH
TiA9IEhQRSBHZW5lcmFsIFNvZnR3YXJlDQpIRiA9IEhQRSBIYXJkd2FyZSBhbmQgRmly
bXdhcmUNCk1VID0gTXVsdGktUGxhdGZvcm0gU29mdHdhcmUNCk5TID0gTm9uU3RvcCBT
ZXJ2ZXJzDQpPViA9IE9wZW5WTVMNClBWID0gUHJvQ3VydmUNClNUID0gU3RvcmFnZSBT
b2Z0d2FyZQ0KVVggPSBIUC1VWA0KDQpDb3B5cmlnaHQgMjAxNiBIZXdsZXR0IFBhY2th
cmQgRW50ZXJwcmlzZQ0KDQpIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSBzaGFsbCBu
b3QgYmUgbGlhYmxlIGZvciB0ZWNobmljYWwgb3IgZWRpdG9yaWFsDQplcnJvcnMgb3Ig
b21pc3Npb25zIGNvbnRhaW5lZCBoZXJlaW4uIFRoZSBpbmZvcm1hdGlvbiBwcm92aWRl
ZCBpcyBwcm92aWRlZA0KImFzIGlzIiB3aXRob3V0IHdhcnJhbnR5IG9mIGFueSBraW5k
LiBUbyB0aGUgZXh0ZW50IHBlcm1pdHRlZCBieSBsYXcsIG5laXRoZXINCkhQIG9yIGl0
cyBhZmZpbGlhdGVzLCBzdWJjb250cmFjdG9ycyBvciBzdXBwbGllcnMgd2lsbCBiZSBs
aWFibGUgZm9yDQppbmNpZGVudGFsLHNwZWNpYWwgb3IgY29uc2VxdWVudGlhbCBkYW1h
Z2VzIGluY2x1ZGluZyBkb3dudGltZSBjb3N0OyBsb3N0DQpwcm9maXRzOyBkYW1hZ2Vz
IHJlbGF0aW5nIHRvIHRoZSBwcm9jdXJlbWVudCBvZiBzdWJzdGl0dXRlIHByb2R1Y3Rz
IG9yDQpzZXJ2aWNlczsgb3IgZGFtYWdlcyBmb3IgbG9zcyBvZiBkYXRhLCBvciBzb2Z0
d2FyZSByZXN0b3JhdGlvbi4gVGhlDQppbmZvcm1hdGlvbiBpbiB0aGlzIGRvY3VtZW50
IGlzIHN1YmplY3QgdG8gY2hhbmdlIHdpdGhvdXQgbm90aWNlLiBIZXdsZXR0DQpQYWNr
YXJkIEVudGVycHJpc2UgYW5kIHRoZSBuYW1lcyBvZiBIZXdsZXR0IFBhY2thcmQgRW50
ZXJwcmlzZSBwcm9kdWN0cw0KcmVmZXJlbmNlZCBoZXJlaW4gYXJlIHRyYWRlbWFya3Mg
b2YgSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgaW4gdGhlIFVuaXRlZA0KU3RhdGVz
IGFuZCBvdGhlciBjb3VudHJpZXMuIE90aGVyIHByb2R1Y3QgYW5kIGNvbXBhbnkgbmFt
ZXMgbWVudGlvbmVkIGhlcmVpbg0KbWF5IGJlIHRyYWRlbWFya3Mgb2YgdGhlaXIgcmVz
cGVjdGl2ZSBvd25lcnMuDQotLS0tLUJFR0lOIFBHUCBTSUdOQVRVUkUtLS0tLQpWZXJz
aW9uOiBHbnVQRyB2MQoKaVFFY0JBRUJDQUFHQlFKWTNxZDJBQW9KRUxYaEF4dDdTWmFp
ZmlZSUFLSDdCazZ6MGtXNEJWMHFxb0RYWGM3OAo3UHRzdWswOG40QWhTNkdaQys4WHhO
aFp5VVordTJzeDg4VVlaTnExVHk4V2NZUllVdGRGY0s5aHY5WkJnaE4vCkJSTWIvTjFk
c05nbWtqaFpqREQ4VzBKb3hLMVRIK2Q2K3BGS2dFUC9ZbVYwUVJGRTBxNlNFRzdIcVl0
U0IwYjYKcXJIaENNcUY5ZUFuVjczUkpWNHVrOFJjNkJiLytCL1g1SEw2VWNkUWpQdUU4
Ti8ycDZWZURia2p6RlZrODNtNwpDUFVDY2g4eDBGQVJLQXovV1dPVm1BMjVJcVk5K3Nk
TGx4bW1VSXI5NDBINjc5MWRsK1l2QVJjelRQNWpXSEkwCnNValNmU1QvR29QWHR0WERW
OUw2Rm1KNGY1d1ROenEySVlHWkZKUEN6b2Z3Y1NxbnQ1VlhHd29taDZJRUhHTT0KPXhL
bnoKLS0tLS1FTkQgUEdQIFNJR05BVFVSRS0tLS0tCg==