[security bulletin] HPESBHF03746 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQ0KSGFzaDogU0hBMjU2DQoNCk5vdGU6
IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBpcyBhdmFpbGFi
bGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNjL2RvYy9wdWJsaWMvZGlz
cGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzQ2ZW5fdXMNCg0KU1VQUE9SVCBDT01NVU5JQ0FU
SU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9jdW1lbnQgSUQ6IGhwZXNiaGYwMzc0NmVuX3Vz
DQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYwMzc0NiByZXYuMSAtIEhQRSBJbnRlbGxpZ2VudCBNYW5h
Z2VtZW50IENlbnRlciAoaU1DKSBQTEFULCBSZW1vdGUgQ29kZSBFeGVjdXRpb24NCg0KTk9USUNF
OiBUaGUgaW5mb3JtYXRpb24gaW4gdGhpcyBTZWN1cml0eSBCdWxsZXRpbiBzaG91bGQgYmUgYWN0
ZWQgdXBvbiBhcyBzb29uIGFzIHBvc3NpYmxlLg0KDQpSZWxlYXNlIERhdGU6IDIwMTctMDUtMTQN
Ckxhc3QgVXBkYXRlZDogMjAxNy0wNS0xNA0KDQpQb3RlbnRpYWwgU2VjdXJpdHkgSW1wYWN0OiBS
ZW1vdGU6IENvZGUgRXhlY3V0aW9uDQoNClNvdXJjZTogSGV3bGV0dCBQYWNrYXJkIEVudGVycHJp
c2UsIFByb2R1Y3QgU2VjdXJpdHkgUmVzcG9uc2UgVGVhbQ0KDQpWVUxORVJBQklMSVRZIFNVTU1B
UlkNClBvdGVudGlhbCBzZWN1cml0eSB2dWxuZXJhYmlsaXRpZXMgaGF2ZSBiZWVuIGlkZW50aWZp
ZWQgaW4gSFBFIEludGVsbGlnZW50IE1hbmFnZW1lbnQgQ2VudGVyIChpTUMpIFBMQVQuIFRoZSB2
dWxuZXJhYmlsaXRpZXMgY291bGQgYmUgZXhwbG9pdGVkIHJlbW90ZWx5IHRvIGFsbG93IGV4ZWN1
dGlvbiBvZiBjb2RlLg0KDQpSZWZlcmVuY2VzOg0KDQogIC0gQ1ZFLTIwMTctNTgyMA0KICAtIENW
RS0yMDE3LTU4MjENCiAgLSBDVkUtMjAxNy01ODIyDQogIC0gQ1ZFLTIwMTctNTgyMw0KDQpTVVBQ
T1JURUQgU09GVFdBUkUgVkVSU0lPTlMqOiBPTkxZIGltcGFjdGVkIHZlcnNpb25zIGFyZSBsaXN0
ZWQuDQoNCiAgLSBIUCBJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENlbnRlciAoaU1DKSBBbGwgdmVy
c2lvbnMgcHJpb3IgdG8gSU1DIFBMQVQgNy4zDQpFMDUwNFAwNCAtIFBsZWFzZSByZWZlciB0byB0
aGUgUkVTT0xVVElPTiBiZWxvdyBmb3IgYSBsaXN0IG9mIGltcGFjdGVkIHByb2R1Y3RzLiANCg0K
QkFDS0dST1VORA0KDQogIENWU1MgQmFzZSBNZXRyaWNzDQogID09PT09PT09PT09PT09PT09DQog
IFJlZmVyZW5jZSwgQ1ZTUyBWMyBTY29yZS9WZWN0b3IsIENWU1MgVjIgU2NvcmUvVmVjdG9yDQoN
CiAgICBDVkUtMjAxNy01ODIwDQogICAgICA5LjggQ1ZTUzozLjAvQVY6Ti9BQzpML1BSOk4vVUk6
Ti9TOlUvQzpIL0k6SC9BOkgNCiAgICAgIDEwLjAgKEFWOk4vQUM6TC9BdTpOL0M6Qy9JOkMvQTpD
KQ0KDQogICAgQ1ZFLTIwMTctNTgyMQ0KICAgICAgOS44IENWU1M6My4wL0FWOk4vQUM6TC9QUjpO
L1VJOk4vUzpVL0M6SC9JOkgvQTpIDQogICAgICAxMC4wIChBVjpOL0FDOkwvQXU6Ti9DOkMvSTpD
L0E6QykNCg0KICAgIENWRS0yMDE3LTU4MjINCiAgICAgIDcuNSBDVlNTOjMuMC9BVjpOL0FDOkwv
UFI6Ti9VSTpOL1M6VS9DOk4vSTpIL0E6Tg0KICAgICAgNy44IChBVjpOL0FDOkwvQXU6Ti9DOk4v
STpDL0E6TikNCg0KICAgIENWRS0yMDE3LTU4MjMNCiAgICAgIDkuOCBDVlNTOjMuMC9BVjpOL0FD
OkwvUFI6Ti9VSTpOL1M6VS9DOkgvSTpIL0E6SA0KICAgICAgMTAuMCAoQVY6Ti9BQzpML0F1Ok4v
QzpDL0k6Qy9BOkMpDQoNCiAgICBJbmZvcm1hdGlvbiBvbiBDVlNTIGlzIGRvY3VtZW50ZWQgaW4N
CiAgICBIUEUgQ3VzdG9tZXIgTm90aWNlIEhQU04tMjAwOC0wMDIgaGVyZToNCg0KaHR0cHM6Ly9o
MjA1NjQud3d3Mi5ocGUuY29tL2hwc2MvZG9jL3B1YmxpYy9kaXNwbGF5P2RvY0lkPWVtcl9uYS1j
MDEzNDU0OTkNCg0KSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgdGhhbmtzIHN6dGl2aSBmb3Ig
d29ya2luZyB3aXRoIFRyZW5kIE1pY3JvJ3MgWmVybyBEYXkgSW5pdGlhdGl2ZSAoWkRJKSBmb3Ig
cmVwb3J0aW5nIHRoZXNlIHZ1bG5lcmFiaWxpdGllcyB0byBzZWN1cml0eS1hbGVydEBocGUuY29t
DQoNClJFU09MVVRJT04NCg0KSFBFIGhhcyBtYWRlIHRoZSBmb2xsb3dpbmcgc29mdHdhcmUgdXBk
YXRlIGF2YWlsYWJsZSB0byByZXNvbHZlIHRoZSB2dWxuZXJhYmlsaXRpZXMgaW4gdGhlIGlNQyBQ
TEFUIG5ldHdvcmsgcHJvZHVjdHMgbGlzdGVkLiANCg0KICArICoqaU1DIFBMQVQgLSBWZXJzaW9u
OiBGaXhlZCBpbiBJTUMgUExBVCA3LjMgRTA1MDRQMDQqKg0KICAgICogSFAgTmV0d29yayBQcm9k
dWN0cw0KICAgICAgLSBKRDEyNUEgIEhQIElNQyBTdGQgUy9XIFBsYXRmb3JtIHcvMTAwLW5vZGUN
CiAgICAgIC0gSkQxMjZBICBIUCBJTUMgRW50IFMvVyBQbGF0Zm9ybSB3LzEwMC1ub2RlDQogICAg
ICAtIEpEODA4QSAgSFAgSU1DIEVudCBQbGF0Zm9ybSB3LzEwMC1ub2RlIExpY2Vuc2UNCiAgICAg
IC0gSkQ4MTRBICAgSFAgQS1JTUMgRW50ZXJwcmlzZSBFZGl0aW9uIFNvZnR3YXJlIERWRCBNZWRp
YQ0KICAgICAgLSBKRDgxNUEgIEhQIElNQyBTdGQgUGxhdGZvcm0gdy8xMDAtbm9kZSBMaWNlbnNl
DQogICAgICAtIEpEODE2QSAgSFAgQS1JTUMgU3RhbmRhcmQgRWRpdGlvbiBTb2Z0d2FyZSBEVkQg
TWVkaWENCiAgICAgIC0gSkYyODhBQUUgIEhQIE5ldHdvcmsgRGlyZWN0b3IgdG8gSW50ZWxsaWdl
bnQgTWFuYWdlbWVudCBDZW50ZXIgVXBncmFkZSBFLUxUVQ0KICAgICAgLSBKRjI4OUFBRSAgSFAg
RW50ZXJwcmlzZSBNYW5hZ2VtZW50IFN5c3RlbSB0byBJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENl
bnRlciBVcGdyYWRlIEUtTFRVDQogICAgICAtIEpGMzc3QSAgSFAgSU1DIFN0ZCBTL1cgUGxhdGZv
cm0gdy8xMDAtbm9kZSBMaWMNCiAgICAgIC0gSkYzNzdBQUUgIEhQIElNQyBTdGQgUy9XIFBsdGZy
bSB3LzEwMC1ub2RlIEUtTFRVDQogICAgICAtIEpGMzc4QSAgSFAgSU1DIEVudCBTL1cgUGxhdGZv
cm0gdy8yMDAtbm9kZSBMaWMNCiAgICAgIC0gSkYzNzhBQUUgIEhQIElNQyBFbnQgUy9XIFBsdGZy
bSB3LzIwMC1ub2RlIEUtTFRVDQogICAgICAtIEpHNTQ2QUFFICBIUCBJTUMgQmFzaWMgU1cgUGxh
dGZvcm0gdy81MC1ub2RlIEUtTFRVDQogICAgICAtIEpHNTQ4QUFFICBIUCBQQ00rIHRvIElNQyBC
c2MgVXBnciB3LzUwLW5vZGUgRS1MVFUNCiAgICAgIC0gSkc1NDlBQUUgIEhQIFBDTSsgdG8gSU1D
IFN0ZCBVcGdyIHcvMjAwLW5vZGUgRS1MVFUNCiAgICAgIC0gSkc3NDdBQUUgIEhQIElNQyBTdGQg
U1cgUGxhdCB3LyA1MCBOb2RlcyBFLUxUVQ0KICAgICAgLSBKRzc0OEFBRSAgSFAgSU1DIEVudCBT
VyBQbGF0IHcvIDUwIE5vZGVzIEUtTFRVDQogICAgICAtIEpHNzY4QUFFICBIUCBQQ00rIHRvIElN
QyBTdGQgVXBnIHcvIDIwMC1ub2RlIEUtTFRVDQogICAgICAtIEpHNTUwQUFFIEhQRSBQQ00rIE1v
YmlsaXR5IE1hbmFnZXIgdG8gSU1DIEJhc2ljIFdMQU4gUGxhdGZvcm0gVXBncmFkZSA1MC1ub2Rl
IGFuZCAxNTAtQVAgRS1MVFUNCiAgICAgIC0gSkc1OTBBQUUgSFBFIElNQyBCYXNpYyBXTEFOIE1h
bmFnZXIgU29mdHdhcmUgUGxhdGZvcm0gNTAgQWNjZXNzIFBvaW50IEUtTFRVDQogICAgICAtIEpH
NjYwQUFFIEhQIElNQyBTbWFydCBDb25uZWN0IHdpdGggV2lyZWxlc3MgTWFuYWdlciBWaXJ0dWFs
IEFwcGxpYW5jZSBFZGl0aW9uIEUtTFRVDQogICAgICAtIEpHNzY2QUFFIEhQIElNQyBTbWFydCBD
b25uZWN0IFZpcnR1YWwgQXBwbGlhbmNlIEVkaXRpb24gRS1MVFUNCiAgICAgIC0gSkc3NjdBQUUg
SFAgSU1DIFNtYXJ0IENvbm5lY3Qgd2l0aCBXaXJlbGVzcyBNYW5hZ2VyIFZpcnR1YWwgQXBwbGlh
bmNlIEVkaXRpb24gRS1MVFUNCiAgICAgIC0gSkc3NjhBQUUgSFBFIFBDTSsgdG8gSU1DIFN0YW5k
YXJkIFNvZnR3YXJlIFBsYXRmb3JtIFVwZ3JhZGUgd2l0aCAyMDAtbm9kZSBFLUxUVQ0KDQoqKk5v
dGU6KiogUGxlYXNlIGNvbnRhY3QgSFBFIFRlY2huaWNhbCBTdXBwb3J0IGlmIGFueSBhc3Npc3Rh
bmNlIGlzIG5lZWRlZCBhY3F1aXJpbmcgdGhlIHNvZnR3YXJlIHVwZGF0ZXMuDQoNCkhJU1RPUlkN
ClZlcnNpb246MSAocmV2LjEpIC0gMTEgTWF5IDIwMTcgSW5pdGlhbCByZWxlYXNlDQoNClRoaXJk
IFBhcnR5IFNlY3VyaXR5IFBhdGNoZXM6IFRoaXJkIHBhcnR5IHNlY3VyaXR5IHBhdGNoZXMgdGhh
dCBhcmUgdG8gYmUgaW5zdGFsbGVkIG9uIHN5c3RlbXMgcnVubmluZyBIZXdsZXR0IFBhY2thcmQg
RW50ZXJwcmlzZSAoSFBFKSBzb2Z0d2FyZSBwcm9kdWN0cyBzaG91bGQgYmUgYXBwbGllZCBpbiBh
Y2NvcmRhbmNlIHdpdGggdGhlIGN1c3RvbWVyJ3MgcGF0Y2ggbWFuYWdlbWVudCBwb2xpY3kuDQoN
ClN1cHBvcnQ6IEZvciBpc3N1ZXMgYWJvdXQgaW1wbGVtZW50aW5nIHRoZSByZWNvbW1lbmRhdGlv
bnMgb2YgdGhpcyBTZWN1cml0eSBCdWxsZXRpbiwgY29udGFjdCBub3JtYWwgSFBFIFNlcnZpY2Vz
IHN1cHBvcnQgY2hhbm5lbC4gRm9yIG90aGVyIGlzc3VlcyBhYm91dCB0aGUgY29udGVudCBvZiB0
aGlzIFNlY3VyaXR5IEJ1bGxldGluLCBzZW5kIGUtbWFpbCB0byBzZWN1cml0eS1hbGVydEBocGUu
Y29tLg0KDQpSZXBvcnQ6IFRvIHJlcG9ydCBhIHBvdGVudGlhbCBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IGZvciBhbnkgSFBFIHN1cHBvcnRlZA0KcHJvZHVjdDoNCiAgV2ViIGZvcm06IGh0dHBzOi8v
d3d3LmhwZS5jb20vaW5mby9yZXBvcnQtc2VjdXJpdHktdnVsbmVyYWJpbGl0eQ0KICBFbWFpbDog
c2VjdXJpdHktYWxlcnRAaHBlLmNvbQ0KDQpTdWJzY3JpYmU6IFRvIGluaXRpYXRlIGEgc3Vic2Ny
aXB0aW9uIHRvIHJlY2VpdmUgZnV0dXJlIEhQRSBTZWN1cml0eSBCdWxsZXRpbiBhbGVydHMgdmlh
IEVtYWlsOiBodHRwOi8vd3d3LmhwZS5jb20vc3VwcG9ydC9TdWJzY3JpYmVyX0Nob2ljZQ0KDQpT
ZWN1cml0eSBCdWxsZXRpbiBBcmNoaXZlOiBBIGxpc3Qgb2YgcmVjZW50bHkgcmVsZWFzZWQgU2Vj
dXJpdHkgQnVsbGV0aW5zIGlzIGF2YWlsYWJsZSBoZXJlOiBodHRwOi8vd3d3LmhwZS5jb20vc3Vw
cG9ydC9TZWN1cml0eV9CdWxsZXRpbl9BcmNoaXZlDQoNClNvZnR3YXJlIFByb2R1Y3QgQ2F0ZWdv
cnk6IFRoZSBTb2Z0d2FyZSBQcm9kdWN0IENhdGVnb3J5IGlzIHJlcHJlc2VudGVkIGluIHRoZSB0
aXRsZSBieSB0aGUgdHdvIGNoYXJhY3RlcnMgZm9sbG93aW5nIEhQU0IuDQoNCjNDID0gM0NPTQ0K
M1AgPSAzcmQgUGFydHkgU29mdHdhcmUNCkdOID0gSFBFIEdlbmVyYWwgU29mdHdhcmUNCkhGID0g
SFBFIEhhcmR3YXJlIGFuZCBGaXJtd2FyZQ0KTVUgPSBNdWx0aS1QbGF0Zm9ybSBTb2Z0d2FyZQ0K
TlMgPSBOb25TdG9wIFNlcnZlcnMNCk9WID0gT3BlblZNUw0KUFYgPSBQcm9DdXJ2ZQ0KU1QgPSBT
dG9yYWdlIFNvZnR3YXJlDQpVWCA9IEhQLVVYDQoNCkNvcHlyaWdodCAyMDE2IEhld2xldHQgUGFj
a2FyZCBFbnRlcnByaXNlDQoNCkhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlIHNoYWxsIG5vdCBi
ZSBsaWFibGUgZm9yIHRlY2huaWNhbCBvciBlZGl0b3JpYWwgZXJyb3JzIG9yIG9taXNzaW9ucyBj
b250YWluZWQgaGVyZWluLiBUaGUgaW5mb3JtYXRpb24gcHJvdmlkZWQgaXMgcHJvdmlkZWQgImFz
IGlzIiB3aXRob3V0IHdhcnJhbnR5IG9mIGFueSBraW5kLiBUbyB0aGUgZXh0ZW50IHBlcm1pdHRl
ZCBieSBsYXcsIG5laXRoZXIgSFAgb3IgaXRzIGFmZmlsaWF0ZXMsIHN1YmNvbnRyYWN0b3JzIG9y
IHN1cHBsaWVycyB3aWxsIGJlIGxpYWJsZSBmb3IgaW5jaWRlbnRhbCxzcGVjaWFsIG9yIGNvbnNl
cXVlbnRpYWwgZGFtYWdlcyBpbmNsdWRpbmcgZG93bnRpbWUgY29zdDsgbG9zdCBwcm9maXRzOyBk
YW1hZ2VzIHJlbGF0aW5nIHRvIHRoZSBwcm9jdXJlbWVudCBvZiBzdWJzdGl0dXRlIHByb2R1Y3Rz
IG9yIHNlcnZpY2VzOyBvciBkYW1hZ2VzIGZvciBsb3NzIG9mIGRhdGEsIG9yIHNvZnR3YXJlIHJl
c3RvcmF0aW9uLiBUaGUgaW5mb3JtYXRpb24gaW4gdGhpcyBkb2N1bWVudCBpcyBzdWJqZWN0IHRv
IGNoYW5nZSB3aXRob3V0IG5vdGljZS4gSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgYW5kIHRo
ZSBuYW1lcyBvZiBIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSBwcm9kdWN0cyByZWZlcmVuY2Vk
IGhlcmVpbiBhcmUgdHJhZGVtYXJrcyBvZiBIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSBpbiB0
aGUgVW5pdGVkIFN0YXRlcyBhbmQgb3RoZXIgY291bnRyaWVzLiBPdGhlciBwcm9kdWN0IGFuZCBj
b21wYW55IG5hbWVzIG1lbnRpb25lZCBoZXJlaW4gbWF5IGJlIHRyYWRlbWFya3Mgb2YgdGhlaXIg
cmVzcGVjdGl2ZSBvd25lcnMuDQotLS0tLUJFR0lOIFBHUCBTSUdOQVRVUkUtLS0tLQ0KVmVyc2lv
bjogR251UEcgdjENCg0KaVFFY0JBRUJDQUFHQlFKWkdJRTJBQW9KRUxYaEF4dDdTWmFpakw0SC8z
UWplNytueVU3ajRZc3pDc29hUHh0Rw0KRllMdlpFanNZWlFvZUwrclo2M2pSNmVTUUx0Y0h2TnRy
S3ZkUnBvYVFEQy9ucXdGbTFid1lsbGxmMUxCVkFXTg0KUVRnVkQvci9RTkljTTJOMXFDRVkvQ2tR
b2tvU3JPOTQ1OHdlMGx1enJrOXdxREtTaDJ5YWNCbk0yZmJHN0E2bw0KZTdRc2xTWTdLU1paeDVD
UE9FZlE1VkFyUHBwWGR4T2paQS8yYW5GSUdJT2lseUJqdExRSENBcnpPb1M4ck9Zeg0KQWUvcFFL
WTBGMm9uN3phaXZuNlJpOHVFcHpnRWtJSzRuK2o4TUhJajRyZ0hSZWF5VVUrN1BnMzlHYVQzTmZ0
bg0Kb2tNVVU1V21JY2szVTZNcm5BSlNTT1dlMFNkNDBmMG1zU3UyZFdNS3QzKzREL2FpOGY2V0U1
WThvTzdrbjVJPQ0KPWRVSjANCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K