[security bulletin] HPESBHF03745 rev.2 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

DQotLS0tLUJFR0lOIFBHUCBTSUdORUQgTUVTU0FHRS0tLS0tDQpIYXNoOiBTSEEyNTYNCg0KTm90
ZTogdGhlIGN1cnJlbnQgdmVyc2lvbiBvZiB0aGUgZm9sbG93aW5nIGRvY3VtZW50IGlzIGF2YWls
YWJsZSBoZXJlOg0KaHR0cHM6Ly9oMjA1NjQud3d3Mi5ocGUuY29tL2hwc2MvZG9jL3B1YmxpYy9k
aXNwbGF5P2RvY0lkPWVtcl9uYS1ocGVzYmhmMDM3NDVlbl91cw0KDQpTVVBQT1JUIENPTU1VTklD
QVRJT04gLSBTRUNVUklUWSBCVUxMRVRJTg0KDQpEb2N1bWVudCBJRDogaHBlc2JoZjAzNzQ1ZW5f
dXMNClZlcnNpb246IDINCg0KSFBFU0JIRjAzNzQ1IHJldi4yIC0gSFBFIEludGVsbGlnZW50IE1h
bmFnZW1lbnQgQ2VudGVyIChpTUMpIFBMQVQsIFJlbW90ZSBDb2RlIEV4ZWN1dGlvbg0KDQpOT1RJ
Q0U6IFRoZSBpbmZvcm1hdGlvbiBpbiB0aGlzIFNlY3VyaXR5IEJ1bGxldGluIHNob3VsZCBiZSBh
Y3RlZCB1cG9uIGFzIHNvb24gYXMgcG9zc2libGUuDQoNClJlbGVhc2UgRGF0ZTogMjAxNy0wNi0y
Nw0KTGFzdCBVcGRhdGVkOiAyMDE3LTA2LTI2DQoNClBvdGVudGlhbCBTZWN1cml0eSBJbXBhY3Q6
IFJlbW90ZTogQ29kZSBFeGVjdXRpb24NCg0KU291cmNlOiBIZXdsZXR0IFBhY2thcmQgRW50ZXJw
cmlzZSwgUHJvZHVjdCBTZWN1cml0eSBSZXNwb25zZSBUZWFtDQoNClZVTE5FUkFCSUxJVFkgU1VN
TUFSWQ0KUG90ZW50aWFsIHNlY3VyaXR5IHZ1bG5lcmFiaWxpdGllcyBoYXZlIGJlZW4gaWRlbnRp
ZmllZCBpbiBIUEUgSW50ZWxsaWdlbnQgTWFuYWdlbWVudCBDZW50ZXIgKGlNQykgUExBVC4gVGhl
IHZ1bG5lcmFiaWxpdGllcyBjb3VsZCBiZSBleHBsb2l0ZWQgcmVtb3RlbHkgdG8gYWxsb3cgZXhl
Y3V0aW9uIG9mIGNvZGUuDQoNClJlZmVyZW5jZXM6DQoNCiAgLSBDVkUtMjAxNy01ODE2DQogIC0g
Q1ZFLTIwMTctNTgxNw0KICAtIENWRS0yMDE3LTU4MTgNCiAgLSBDVkUtMjAxNy01ODE5DQogIC0g
Q1ZFLTIwMTctODk0OCAtIFpESS1DQU4tNDM2OA0KDQpTVVBQT1JURUQgU09GVFdBUkUgVkVSU0lP
TlMqOiBPTkxZIGltcGFjdGVkIHZlcnNpb25zIGFyZSBsaXN0ZWQuDQoNCiAgLSBIUCBJbnRlbGxp
Z2VudCBNYW5hZ2VtZW50IENlbnRlciAoaU1DKSBBbGwgdmVyc2lvbiBwcmlvciB0byBJTUMgUExB
VCA3LjMNCkUwNTA0UDA0IC0gUGxlYXNlIHJlZmVyIHRvIHRoZSBSRVNPTFVUSU9OIGJlbG93IGZv
ciBhIGxpc3Qgb2YgaW1wYWN0ZWQgcHJvZHVjdHMuIA0KDQpCQUNLR1JPVU5EDQoNCiAgQ1ZTUyBC
YXNlIE1ldHJpY3MNCiAgPT09PT09PT09PT09PT09PT0NCiAgUmVmZXJlbmNlLCBDVlNTIFYzIFNj
b3JlL1ZlY3RvciwgQ1ZTUyBWMiBTY29yZS9WZWN0b3INCg0KICAgIENWRS0yMDE3LTU4MTYNCiAg
ICAgIDkuOCBDVlNTOjMuMC9BVjpOL0FDOkwvUFI6Ti9VSTpOL1M6VS9DOkgvSTpIL0E6SA0KICAg
ICAgMTAuMCAoQVY6Ti9BQzpML0F1Ok4vQzpDL0k6Qy9BOkMpDQoNCiAgICBDVkUtMjAxNy01ODE3
DQogICAgICA5LjggQ1ZTUzozLjAvQVY6Ti9BQzpML1BSOk4vVUk6Ti9TOlUvQzpIL0k6SC9BOkgN
CiAgICAgIDEwLjAgKEFWOk4vQUM6TC9BdTpOL0M6Qy9JOkMvQTpDKQ0KDQogICAgQ1ZFLTIwMTct
NTgxOA0KICAgICAgNy41IENWU1M6My4wL0FWOk4vQUM6TC9QUjpOL1VJOk4vUzpVL0M6Ti9JOk4v
QTpIDQogICAgICA3LjggKEFWOk4vQUM6TC9BdTpOL0M6Ti9JOk4vQTpDKQ0KDQogICAgQ1ZFLTIw
MTctNTgxOQ0KICAgICAgOS44IENWU1M6My4wL0FWOk4vQUM6TC9QUjpOL1VJOk4vUzpVL0M6SC9J
OkgvQTpIDQogICAgICAxMC4wIChBVjpOL0FDOkwvQXU6Ti9DOkMvSTpDL0E6QykNCg0KICAgIENW
RS0yMDE3LTg5NDgNCiAgICAgIDkuOCBDVlNTOjMuMC9BVjpOL0FDOkwvUFI6Ti9VSTpOL1M6VS9D
OkgvSTpIL0E6SA0KICAgICAgMTAuMCAoQVY6Ti9BQzpML0F1Ok4vQzpDL0k6Qy9BOkMpDQoNCiAg
ICBJbmZvcm1hdGlvbiBvbiBDVlNTIGlzIGRvY3VtZW50ZWQgaW4NCiAgICBIUEUgQ3VzdG9tZXIg
Tm90aWNlIEhQU04tMjAwOC0wMDIgaGVyZToNCg0KaHR0cHM6Ly9oMjA1NjQud3d3Mi5ocGUuY29t
L2hwc2MvZG9jL3B1YmxpYy9kaXNwbGF5P2RvY0lkPWVtcl9uYS1jMDEzNDU0OTkNCg0KSGV3bGV0
dCBQYWNrYXJkIEVudGVycHJpc2UgdGhhbmtzIHN6dGl2aSBmb3Igd29ya2luZyB3aXRoIFRyZW5k
IE1pY3JvJ3MgWmVybyBEYXkgSW5pdGlhdGl2ZSAoWkRJKSBmb3IgcmVwb3J0aW5nIHRoZXNlIHZ1
bG5lcmFiaWxpdGllcyB0byBzZWN1cml0eS1hbGVydEBocGUuY29tDQoNClJFU09MVVRJT04NCg0K
SFBFIGhhcyBtYWRlIHRoZSBmb2xsb3dpbmcgc29mdHdhcmUgdXBkYXRlIGF2YWlsYWJsZSB0byBy
ZXNvbHZlIHRoZSB2dWxuZXJhYmlsaXRpZXMgaW4gdGhlIGlNQyBQTEFUIG5ldHdvcmsgcHJvZHVj
dHMgbGlzdGVkLiANCg0KICArICoqaU1DIFBMQVQgLSBWZXJzaW9uOiBGaXhlZCBpbiBJTUMgUExB
VCA3LjMgRTA1MDRQMDQqKg0KICAgICogSFAgTmV0d29yayBQcm9kdWN0cw0KICAgICAgLSBKRDEy
NUEgIEhQIElNQyBTdGQgUy9XIFBsYXRmb3JtIHcvMTAwLW5vZGUNCiAgICAgIC0gSkQxMjZBICBI
UCBJTUMgRW50IFMvVyBQbGF0Zm9ybSB3LzEwMC1ub2RlDQogICAgICAtIEpEODA4QSAgSFAgSU1D
IEVudCBQbGF0Zm9ybSB3LzEwMC1ub2RlIExpY2Vuc2UNCiAgICAgIC0gSkQ4MTRBICAgSFAgQS1J
TUMgRW50ZXJwcmlzZSBFZGl0aW9uIFNvZnR3YXJlIERWRCBNZWRpYQ0KICAgICAgLSBKRDgxNUEg
IEhQIElNQyBTdGQgUGxhdGZvcm0gdy8xMDAtbm9kZSBMaWNlbnNlDQogICAgICAtIEpEODE2QSAg
SFAgQS1JTUMgU3RhbmRhcmQgRWRpdGlvbiBTb2Z0d2FyZSBEVkQgTWVkaWENCiAgICAgIC0gSkYy
ODhBQUUgIEhQIE5ldHdvcmsgRGlyZWN0b3IgdG8gSW50ZWxsaWdlbnQgTWFuYWdlbWVudCBDZW50
ZXIgVXBncmFkZSBFLUxUVQ0KICAgICAgLSBKRjI4OUFBRSAgSFAgRW50ZXJwcmlzZSBNYW5hZ2Vt
ZW50IFN5c3RlbSB0byBJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENlbnRlciBVcGdyYWRlIEUtTFRV
DQogICAgICAtIEpGMzc3QSAgSFAgSU1DIFN0ZCBTL1cgUGxhdGZvcm0gdy8xMDAtbm9kZSBMaWMN
CiAgICAgIC0gSkYzNzdBQUUgIEhQIElNQyBTdGQgUy9XIFBsdGZybSB3LzEwMC1ub2RlIEUtTFRV
DQogICAgICAtIEpGMzc4QSAgSFAgSU1DIEVudCBTL1cgUGxhdGZvcm0gdy8yMDAtbm9kZSBMaWMN
CiAgICAgIC0gSkYzNzhBQUUgIEhQIElNQyBFbnQgUy9XIFBsdGZybSB3LzIwMC1ub2RlIEUtTFRV
DQogICAgICAtIEpHNTQ2QUFFICBIUCBJTUMgQmFzaWMgU1cgUGxhdGZvcm0gdy81MC1ub2RlIEUt
TFRVDQogICAgICAtIEpHNTQ4QUFFICBIUCBQQ00rIHRvIElNQyBCc2MgVXBnciB3LzUwLW5vZGUg
RS1MVFUNCiAgICAgIC0gSkc1NDlBQUUgIEhQIFBDTSsgdG8gSU1DIFN0ZCBVcGdyIHcvMjAwLW5v
ZGUgRS1MVFUNCiAgICAgIC0gSkc3NDdBQUUgIEhQIElNQyBTdGQgU1cgUGxhdCB3LyA1MCBOb2Rl
cyBFLUxUVQ0KICAgICAgLSBKRzc0OEFBRSAgSFAgSU1DIEVudCBTVyBQbGF0IHcvIDUwIE5vZGVz
IEUtTFRVDQogICAgICAtIEpHNzY4QUFFICBIUCBQQ00rIHRvIElNQyBTdGQgVXBnIHcvIDIwMC1u
b2RlIEUtTFRVDQogICAgICAtIEpHNTUwQUFFIEhQRSBQQ00rIE1vYmlsaXR5IE1hbmFnZXIgdG8g
SU1DIEJhc2ljIFdMQU4gUGxhdGZvcm0gVXBncmFkZSA1MC1ub2RlIGFuZCAxNTAtQVAgRS1MVFUN
CiAgICAgIC0gSkc1OTBBQUUgSFBFIElNQyBCYXNpYyBXTEFOIE1hbmFnZXIgU29mdHdhcmUgUGxh
dGZvcm0gNTAgQWNjZXNzIFBvaW50IEUtTFRVDQogICAgICAtIEpHNjYwQUFFIEhQIElNQyBTbWFy
dCBDb25uZWN0IHdpdGggV2lyZWxlc3MgTWFuYWdlciBWaXJ0dWFsIEFwcGxpYW5jZSBFZGl0aW9u
IEUtTFRVDQogICAgICAtIEpHNzY2QUFFIEhQIElNQyBTbWFydCBDb25uZWN0IFZpcnR1YWwgQXBw
bGlhbmNlIEVkaXRpb24gRS1MVFUNCiAgICAgIC0gSkc3NjdBQUUgSFAgSU1DIFNtYXJ0IENvbm5l
Y3Qgd2l0aCBXaXJlbGVzcyBNYW5hZ2VyIFZpcnR1YWwgQXBwbGlhbmNlIEVkaXRpb24gRS1MVFUN
CiAgICAgIC0gSkc3NjhBQUUgSFBFIFBDTSsgdG8gSU1DIFN0YW5kYXJkIFNvZnR3YXJlIFBsYXRm
b3JtIFVwZ3JhZGUgd2l0aCAyMDAtbm9kZSBFLUxUVQ0KDQoqKk5vdGU6KiogUGxlYXNlIGNvbnRh
Y3QgSFBFIFRlY2huaWNhbCBTdXBwb3J0IGlmIGFueSBhc3Npc3RhbmNlIGlzIG5lZWRlZCBhY3F1
aXJpbmcgdGhlIHNvZnR3YXJlIHVwZGF0ZXMuDQoNCkhJU1RPUlkNCg0KVmVyc2lvbjoxIChyZXYu
MSkgLSAxMSBNYXkgMjAxNyBJbml0aWFsIHJlbGVhc2UNCg0KVmVyc2lvbjoyIChyZXYuMikgLSAy
NiBKdW5lIDIwMTcgQWRkaW5nIFpESS1DQU4tNDM2OCB0byBTZWN1cml0eSBCdWxsZXRpbi4NCg0K
DQpUaGlyZCBQYXJ0eSBTZWN1cml0eSBQYXRjaGVzOiBUaGlyZCBwYXJ0eSBzZWN1cml0eSBwYXRj
aGVzIHRoYXQgYXJlIHRvIGJlIGluc3RhbGxlZCBvbiBzeXN0ZW1zIHJ1bm5pbmcgSGV3bGV0dCBQ
YWNrYXJkIEVudGVycHJpc2UgKEhQRSkgc29mdHdhcmUgcHJvZHVjdHMgc2hvdWxkIGJlIGFwcGxp
ZWQgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBjdXN0b21lcidzIHBhdGNoIG1hbmFnZW1lbnQgcG9s
aWN5Lg0KDQpTdXBwb3J0OiBGb3IgaXNzdWVzIGFib3V0IGltcGxlbWVudGluZyB0aGUgcmVjb21t
ZW5kYXRpb25zIG9mIHRoaXMgU2VjdXJpdHkgQnVsbGV0aW4sIGNvbnRhY3Qgbm9ybWFsIEhQRSBT
ZXJ2aWNlcyBzdXBwb3J0IGNoYW5uZWwuIEZvciBvdGhlciBpc3N1ZXMgYWJvdXQgdGhlIGNvbnRl
bnQgb2YgdGhpcyBTZWN1cml0eSBCdWxsZXRpbiwgc2VuZCBlLW1haWwgdG8gc2VjdXJpdHktYWxl
cnRAaHBlLmNvbS4NCg0KUmVwb3J0OiBUbyByZXBvcnQgYSBwb3RlbnRpYWwgc2VjdXJpdHkgdnVs
bmVyYWJpbGl0eSBmb3IgYW55IEhQRSBzdXBwb3J0ZWQNCnByb2R1Y3Q6DQogIFdlYiBmb3JtOiBo
dHRwczovL3d3dy5ocGUuY29tL2luZm8vcmVwb3J0LXNlY3VyaXR5LXZ1bG5lcmFiaWxpdHkNCiAg
RW1haWw6IHNlY3VyaXR5LWFsZXJ0QGhwZS5jb20NCg0KU3Vic2NyaWJlOiBUbyBpbml0aWF0ZSBh
IHN1YnNjcmlwdGlvbiB0byByZWNlaXZlIGZ1dHVyZSBIUEUgU2VjdXJpdHkgQnVsbGV0aW4gYWxl
cnRzIHZpYSBFbWFpbDogaHR0cDovL3d3dy5ocGUuY29tL3N1cHBvcnQvU3Vic2NyaWJlcl9DaG9p
Y2UNCg0KU2VjdXJpdHkgQnVsbGV0aW4gQXJjaGl2ZTogQSBsaXN0IG9mIHJlY2VudGx5IHJlbGVh
c2VkIFNlY3VyaXR5IEJ1bGxldGlucyBpcyBhdmFpbGFibGUgaGVyZTogaHR0cDovL3d3dy5ocGUu
Y29tL3N1cHBvcnQvU2VjdXJpdHlfQnVsbGV0aW5fQXJjaGl2ZQ0KDQpTb2Z0d2FyZSBQcm9kdWN0
IENhdGVnb3J5OiBUaGUgU29mdHdhcmUgUHJvZHVjdCBDYXRlZ29yeSBpcyByZXByZXNlbnRlZCBp
biB0aGUgdGl0bGUgYnkgdGhlIHR3byBjaGFyYWN0ZXJzIGZvbGxvd2luZyBIUFNCLg0KDQozQyA9
IDNDT00NCjNQID0gM3JkIFBhcnR5IFNvZnR3YXJlDQpHTiA9IEhQRSBHZW5lcmFsIFNvZnR3YXJl
DQpIRiA9IEhQRSBIYXJkd2FyZSBhbmQgRmlybXdhcmUNCk1VID0gTXVsdGktUGxhdGZvcm0gU29m
dHdhcmUNCk5TID0gTm9uU3RvcCBTZXJ2ZXJzDQpPViA9IE9wZW5WTVMNClBWID0gUHJvQ3VydmUN
ClNUID0gU3RvcmFnZSBTb2Z0d2FyZQ0KVVggPSBIUC1VWA0KDQpDb3B5cmlnaHQgMjAxNiBIZXds
ZXR0IFBhY2thcmQgRW50ZXJwcmlzZQ0KDQpIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSBzaGFs
bCBub3QgYmUgbGlhYmxlIGZvciB0ZWNobmljYWwgb3IgZWRpdG9yaWFsIGVycm9ycyBvciBvbWlz
c2lvbnMgY29udGFpbmVkIGhlcmVpbi4gVGhlIGluZm9ybWF0aW9uIHByb3ZpZGVkIGlzIHByb3Zp
ZGVkICJhcyBpcyIgd2l0aG91dCB3YXJyYW50eSBvZiBhbnkga2luZC4gVG8gdGhlIGV4dGVudCBw
ZXJtaXR0ZWQgYnkgbGF3LCBuZWl0aGVyIEhQIG9yIGl0cyBhZmZpbGlhdGVzLCBzdWJjb250cmFj
dG9ycyBvciBzdXBwbGllcnMgd2lsbCBiZSBsaWFibGUgZm9yIGluY2lkZW50YWwsc3BlY2lhbCBv
ciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgaW5jbHVkaW5nIGRvd250aW1lIGNvc3Q7IGxvc3QgcHJv
Zml0czsgZGFtYWdlcyByZWxhdGluZyB0byB0aGUgcHJvY3VyZW1lbnQgb2Ygc3Vic3RpdHV0ZSBw
cm9kdWN0cyBvciBzZXJ2aWNlczsgb3IgZGFtYWdlcyBmb3IgbG9zcyBvZiBkYXRhLCBvciBzb2Z0
d2FyZSByZXN0b3JhdGlvbi4gVGhlIGluZm9ybWF0aW9uIGluIHRoaXMgZG9jdW1lbnQgaXMgc3Vi
amVjdCB0byBjaGFuZ2Ugd2l0aG91dCBub3RpY2UuIEhld2xldHQgUGFja2FyZCBFbnRlcnByaXNl
IGFuZCB0aGUgbmFtZXMgb2YgSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgcHJvZHVjdHMgcmVm
ZXJlbmNlZCBoZXJlaW4gYXJlIHRyYWRlbWFya3Mgb2YgSGV3bGV0dCBQYWNrYXJkIEVudGVycHJp
c2UgaW4gdGhlIFVuaXRlZCBTdGF0ZXMgYW5kIG90aGVyIGNvdW50cmllcy4gT3RoZXIgcHJvZHVj
dCBhbmQgY29tcGFueSBuYW1lcyBtZW50aW9uZWQgaGVyZWluIG1heSBiZSB0cmFkZW1hcmtzIG9m
IHRoZWlyIHJlc3BlY3RpdmUgb3duZXJzLg0KLS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0N
ClZlcnNpb246IEdudVBHIHYxDQoNCmlRRWNCQUVCQ0FBR0JRSlpVcFJqQUFvSkVMWGhBeHQ3U1ph
aXRMa0gvaTVVNSt5SVJ4RmxsOXRPMlFSRFJLdk4NCkpoRnhkSGZyK1QwYmVLV2VMaHBjdVBjTjZ2
clBzUFE2MG95ZUh6THV6N0hoV0lTU2VhVThxSUhsNDRHalRnUE0NCm5JeVk1MTVTT2tBbVNGQU5C
WVI1Q2FYU3Y5Tnh1eE4vL3FlNU1EYjlzSmJDSG9Xa3J2S0o4ZW9yWDBQaTRPV0MNCnlxbG1xM2Ix
VmlzajhBZlZYNWNZR1RvRkx3bUNnYnozUTJ6VVlLbE5OdldTZlpWWTE1Rms5MzF4dGltSGJFWkYN
CjN1SE5mT1hIOUNMOUhoS1RMeXVDd21KWUsyekNqTmxWZElDRFJxTzEySVN6ZmZBWWw3SmRNR2sy
MkVYZDVCQ3gNCmZPTG5rSVNFWUlOSW1PbnFJOHBCdUlXTE8wSUgxMmNZQnh1dElubkdKWXNSMmQ5
aFRPYkVoMVhPMzczc2dtbz0NCj1Ua1ZMDQotLS0tLUVORCBQR1AgU0lHTkFUVVJFLS0tLS0NCg==