[security bulletin] HPESBGN03758 rev.1 - HPE UCMDB, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v
dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp
cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj
L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzU4ZW5fdXMN
Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j
dW1lbnQgSUQ6IGhwZXNiZ24wMzc1OGVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w
Mzc1OCByZXYuMSAtIEhQRSBVQ01EQiwgUmVtb3RlIENvZGUgRXhlY3V0aW9uDQoNCk5P
VElDRTogVGhlIGluZm9ybWF0aW9uIGluIHRoaXMgU2VjdXJpdHkgQnVsbGV0aW4gc2hv
dWxkIGJlIGFjdGVkIHVwb24gYXMNCnNvb24gYXMgcG9zc2libGUuDQoNClJlbGVhc2Ug
RGF0ZTogMjAxNy0wNi0wNw0KTGFzdCBVcGRhdGVkOiAyMDE3LTA2LTA3DQoNClBvdGVu
dGlhbCBTZWN1cml0eSBJbXBhY3Q6IFJlbW90ZTogQ29kZSBFeGVjdXRpb24NCg0KU291
cmNlOiBIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSwgUHJvZHVjdCBTZWN1cml0eSBS
ZXNwb25zZSBUZWFtDQoNClZVTE5FUkFCSUxJVFkgU1VNTUFSWQ0KQSBwb3RlbnRpYWwg
c2VjdXJpdHkgdnVsbmVyYWJpbGl0eSBoYXMgYmVlbiBpZGVudGlmaWVkIGluIEhQRSBV
Q01EQi4gVGhlDQp2dWxuZXJhYmlsaXR5IGNvdWxkIGJlIHJlbW90ZWx5IGV4cGxvaXRl
ZCB0byBhbGxvdyBleGVjdXRpb24gb2YgY29kZS4NCg0KUmVmZXJlbmNlczoNCg0KICAt
IENWRS0yMDE3LTg5NDcgLSBSZW1vdGUgQ29kZSBFeGVjdXRpb24NCg0KU1VQUE9SVEVE
IFNPRlRXQVJFIFZFUlNJT05TKjogT05MWSBpbXBhY3RlZCB2ZXJzaW9ucyBhcmUgbGlz
dGVkLg0KDQogIC0gSFAgVUNNREIgQ29uZmlndXJhdGlvbiBNYW5hZ2VyIFNvZnR3YXJl
IC0gdjEwLjEwLCB2MTAuMTEsIHYxMC4yMCwgdjEwLjIxLA0KdjEwLjIyLCB2MTAuMzAs
IHYxMC4zMQ0KDQpCQUNLR1JPVU5EDQoNCiAgQ1ZTUyBCYXNlIE1ldHJpY3MNCiAgPT09
PT09PT09PT09PT09PT0NCiAgUmVmZXJlbmNlLCBDVlNTIFYzIFNjb3JlL1ZlY3Rvciwg
Q1ZTUyBWMiBTY29yZS9WZWN0b3INCg0KICAgIENWRS0yMDE3LTg5NDcNCiAgICAgIDEw
LjAgQ1ZTUzozLjAvQVY6Ti9BQzpML1BSOk4vVUk6Ti9TOkMvQzpIL0k6SC9BOkgNCiAg
ICAgIDcuNSAoQVY6Ti9BQzpML0F1Ok4vQzpQL0k6UC9BOlApDQoNCiAgICBJbmZvcm1h
dGlvbiBvbiBDVlNTIGlzIGRvY3VtZW50ZWQgaW4NCiAgICBIUEUgQ3VzdG9tZXIgTm90
aWNlIEhQU04tMjAwOC0wMDIgaGVyZToNCg0KaHR0cHM6Ly9oMjA1NjQud3d3Mi5ocGUu
Y29tL2hwc2MvZG9jL3B1YmxpYy9kaXNwbGF5P2RvY0lkPWVtcl9uYS1jMDEzNDU0OTkN
Cg0KUkVTT0xVVElPTg0KDQpIUEUgaGFzIG1hZGUgdGhlIGZvbGxvd2luZyBzb2Z0d2Fy
ZSB1cGRhdGVzIGFuZCBtaXRpZ2F0aW9uIGluZm9ybWF0aW9uIHRvDQpyZXNvbHZlIHRo
ZSB2dWxuZXJhYmlsaXR5IGluIEhQRSBVQ01EQjoNCg0KKg0KPGh0dHBzOi8vc29mdHdh
cmVzdXBwb3J0LmhwZS5jb20vZ3JvdXAvc29mdHdhcmVzdXBwb3J0L3NlYXJjaC1yZXN1
bHQvLS9mYWNldHMNCmFyY2gvZG9jdW1lbnQvS00wMjc5MjU2Nz4NCg0KSElTVE9SWQ0K
VmVyc2lvbjoxIChyZXYuMSkgLSA3IEp1bmUgMjAxNyBJbml0aWFsIHJlbGVhc2UNCg0K
VGhpcmQgUGFydHkgU2VjdXJpdHkgUGF0Y2hlczogVGhpcmQgcGFydHkgc2VjdXJpdHkg
cGF0Y2hlcyB0aGF0IGFyZSB0byBiZQ0KaW5zdGFsbGVkIG9uIHN5c3RlbXMgcnVubmlu
ZyBIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSAoSFBFKSBzb2Z0d2FyZQ0KcHJvZHVj
dHMgc2hvdWxkIGJlIGFwcGxpZWQgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBjdXN0b21l
cidzIHBhdGNoIG1hbmFnZW1lbnQNCnBvbGljeS4NCg0KU3VwcG9ydDogRm9yIGlzc3Vl
cyBhYm91dCBpbXBsZW1lbnRpbmcgdGhlIHJlY29tbWVuZGF0aW9ucyBvZiB0aGlzIFNl
Y3VyaXR5DQpCdWxsZXRpbiwgY29udGFjdCBub3JtYWwgSFBFIFNlcnZpY2VzIHN1cHBv
cnQgY2hhbm5lbC4gRm9yIG90aGVyIGlzc3VlcyBhYm91dA0KdGhlIGNvbnRlbnQgb2Yg
dGhpcyBTZWN1cml0eSBCdWxsZXRpbiwgc2VuZCBlLW1haWwgdG8gc2VjdXJpdHktYWxl
cnRAaHBlLmNvbS4NCg0KUmVwb3J0OiBUbyByZXBvcnQgYSBwb3RlbnRpYWwgc2VjdXJp
dHkgdnVsbmVyYWJpbGl0eSBmb3IgYW55IEhQRSBzdXBwb3J0ZWQNCnByb2R1Y3Q6DQog
IFdlYiBmb3JtOiBodHRwczovL3d3dy5ocGUuY29tL2luZm8vcmVwb3J0LXNlY3VyaXR5
LXZ1bG5lcmFiaWxpdHkNCiAgRW1haWw6IHNlY3VyaXR5LWFsZXJ0QGhwZS5jb20NCg0K
U3Vic2NyaWJlOiBUbyBpbml0aWF0ZSBhIHN1YnNjcmlwdGlvbiB0byByZWNlaXZlIGZ1
dHVyZSBIUEUgU2VjdXJpdHkgQnVsbGV0aW4NCmFsZXJ0cyB2aWEgRW1haWw6IGh0dHA6
Ly93d3cuaHBlLmNvbS9zdXBwb3J0L1N1YnNjcmliZXJfQ2hvaWNlDQoNClNlY3VyaXR5
IEJ1bGxldGluIEFyY2hpdmU6IEEgbGlzdCBvZiByZWNlbnRseSByZWxlYXNlZCBTZWN1
cml0eSBCdWxsZXRpbnMgaXMNCmF2YWlsYWJsZSBoZXJlOiBodHRwOi8vd3d3LmhwZS5j
b20vc3VwcG9ydC9TZWN1cml0eV9CdWxsZXRpbl9BcmNoaXZlDQoNClNvZnR3YXJlIFBy
b2R1Y3QgQ2F0ZWdvcnk6IFRoZSBTb2Z0d2FyZSBQcm9kdWN0IENhdGVnb3J5IGlzIHJl
cHJlc2VudGVkIGluDQp0aGUgdGl0bGUgYnkgdGhlIHR3byBjaGFyYWN0ZXJzIGZvbGxv
d2luZyBIUFNCLg0KDQozQyA9IDNDT00NCjNQID0gM3JkIFBhcnR5IFNvZnR3YXJlDQpH
TiA9IEhQRSBHZW5lcmFsIFNvZnR3YXJlDQpIRiA9IEhQRSBIYXJkd2FyZSBhbmQgRmly
bXdhcmUNCk1VID0gTXVsdGktUGxhdGZvcm0gU29mdHdhcmUNCk5TID0gTm9uU3RvcCBT
ZXJ2ZXJzDQpPViA9IE9wZW5WTVMNClBWID0gUHJvQ3VydmUNClNUID0gU3RvcmFnZSBT
b2Z0d2FyZQ0KVVggPSBIUC1VWA0KDQpDb3B5cmlnaHQgMjAxNiBIZXdsZXR0IFBhY2th
cmQgRW50ZXJwcmlzZQ0KDQpIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSBzaGFsbCBu
b3QgYmUgbGlhYmxlIGZvciB0ZWNobmljYWwgb3IgZWRpdG9yaWFsDQplcnJvcnMgb3Ig
b21pc3Npb25zIGNvbnRhaW5lZCBoZXJlaW4uIFRoZSBpbmZvcm1hdGlvbiBwcm92aWRl
ZCBpcyBwcm92aWRlZA0KImFzIGlzIiB3aXRob3V0IHdhcnJhbnR5IG9mIGFueSBraW5k
LiBUbyB0aGUgZXh0ZW50IHBlcm1pdHRlZCBieSBsYXcsIG5laXRoZXINCkhQIG9yIGl0
cyBhZmZpbGlhdGVzLCBzdWJjb250cmFjdG9ycyBvciBzdXBwbGllcnMgd2lsbCBiZSBs
aWFibGUgZm9yDQppbmNpZGVudGFsLHNwZWNpYWwgb3IgY29uc2VxdWVudGlhbCBkYW1h
Z2VzIGluY2x1ZGluZyBkb3dudGltZSBjb3N0OyBsb3N0DQpwcm9maXRzOyBkYW1hZ2Vz
IHJlbGF0aW5nIHRvIHRoZSBwcm9jdXJlbWVudCBvZiBzdWJzdGl0dXRlIHByb2R1Y3Rz
IG9yDQpzZXJ2aWNlczsgb3IgZGFtYWdlcyBmb3IgbG9zcyBvZiBkYXRhLCBvciBzb2Z0
d2FyZSByZXN0b3JhdGlvbi4gVGhlDQppbmZvcm1hdGlvbiBpbiB0aGlzIGRvY3VtZW50
IGlzIHN1YmplY3QgdG8gY2hhbmdlIHdpdGhvdXQgbm90aWNlLiBIZXdsZXR0DQpQYWNr
YXJkIEVudGVycHJpc2UgYW5kIHRoZSBuYW1lcyBvZiBIZXdsZXR0IFBhY2thcmQgRW50
ZXJwcmlzZSBwcm9kdWN0cw0KcmVmZXJlbmNlZCBoZXJlaW4gYXJlIHRyYWRlbWFya3Mg
b2YgSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgaW4gdGhlIFVuaXRlZA0KU3RhdGVz
IGFuZCBvdGhlciBjb3VudHJpZXMuIE90aGVyIHByb2R1Y3QgYW5kIGNvbXBhbnkgbmFt
ZXMgbWVudGlvbmVkIGhlcmVpbg0KbWF5IGJlIHRyYWRlbWFya3Mgb2YgdGhlaXIgcmVz
cGVjdGl2ZSBvd25lcnMuDQotLS0tLUJFR0lOIFBHUCBTSUdOQVRVUkUtLS0tLQpWZXJz
aW9uOiBHbnVQRyB2MQoKaVFFY0JBRUJDQUFHQlFKWk9HRmdBQW9KRUxYaEF4dDdTWmFp
cElJSC8xbFpTeWdnaTdqVVRUL282eDl5VFE1WQpmZjRlempadU5OTGw1NFN4VVVQY0VV
YlcvMytleUVRcDdhTWtDSW9xM2JEYml0cXhDOGhjbmxsdElEcUlGdWJmCmNLcUxKL2ls
K1VhZXhNVTlhVkl4eUwwbDhtZjBwRzhvR1JtT3k4UExHbzhhL3ZFZWxvclNvQmRwejdP
MU1qenMKd2FGdVFQTnJEU3FuZlRPZDhFaVN6NkNTekFkTWZaRmlBakk0WldQZHR1U0lx
WHR3cFg2cVNrdFNsV2NWM21OVApGNjUzWklmSm1tYlB3amNYQzMrOFY3Q042M0tuMjJG
WER0TFUrcHJDVThCUEhqUVRlTjdnK2YwcG1tVWlzSXNLCmNyRzh3UUh6WmpRRy9BOTBM
NmtvZ1hZdFJjRmVzMGJ2VEo2UlMyZ0x6VWgxVkorRi9JaUFBQkU0Wkl5VWV6dz0KPWVS
aDcKLS0tLS1FTkQgUEdQIFNJR05BVFVSRS0tLS0tCg==