[security bulletin] HPESBGN03762 rev.1 - HPE Network Node Manager i (NNMi) Software, Remote Bypass Security Restrictions, Cross-Site Scripting (XSS), URL Redirection

DQotLS0tLUJFR0lOIFBHUCBTSUdORUQgTUVTU0FHRS0tLS0tDQpIYXNoOiBTSEEyNTYNCg0KTm90
ZTogdGhlIGN1cnJlbnQgdmVyc2lvbiBvZiB0aGUgZm9sbG93aW5nIGRvY3VtZW50IGlzIGF2YWls
YWJsZSBoZXJlOg0KaHR0cHM6Ly9oMjA1NjQud3d3Mi5ocGUuY29tL2hwc2MvZG9jL3B1YmxpYy9k
aXNwbGF5P2RvY0lkPWVtcl9uYS1ocGVzYmduMDM3NjJlbl91cw0KDQpTVVBQT1JUIENPTU1VTklD
QVRJT04gLSBTRUNVUklUWSBCVUxMRVRJTg0KDQpEb2N1bWVudCBJRDogaHBlc2JnbjAzNzYyZW5f
dXMNClZlcnNpb246IDENCg0KSFBFU0JHTjAzNzYyIHJldi4xIC0gSFBFIE5ldHdvcmsgTm9kZSBN
YW5hZ2VyIGkgKE5OTWkpIFNvZnR3YXJlLCBSZW1vdGUgQnlwYXNzIFNlY3VyaXR5IFJlc3RyaWN0
aW9ucywgQ3Jvc3MtU2l0ZSBTY3JpcHRpbmcgKFhTUyksIFVSTCBSZWRpcmVjdGlvbg0KDQpOT1RJ
Q0U6IFRoZSBpbmZvcm1hdGlvbiBpbiB0aGlzIFNlY3VyaXR5IEJ1bGxldGluIHNob3VsZCBiZSBh
Y3RlZCB1cG9uIGFzIHNvb24gYXMgcG9zc2libGUuDQoNClJlbGVhc2UgRGF0ZTogMjAxNy0wNi0y
OQ0KTGFzdCBVcGRhdGVkOiAyMDE3LTA2LTI5DQoNClBvdGVudGlhbCBTZWN1cml0eSBJbXBhY3Q6
IFJlbW90ZTogQnlwYXNzIFNlY3VyaXR5IFJlc3RyaWN0aW9ucywgQ3Jvc3MtU2l0ZSBTY3JpcHRp
bmcgKFhTUyksIFVSTCBSZWRpcmVjdGlvbg0KDQpTb3VyY2U6IEhld2xldHQgUGFja2FyZCBFbnRl
cnByaXNlLCBQcm9kdWN0IFNlY3VyaXR5IFJlc3BvbnNlIFRlYW0NCg0KVlVMTkVSQUJJTElUWSBT
VU1NQVJZDQpQb3RlbnRpYWwgc2VjdXJpdHkgdnVsbmVyYWJpbGl0aWVzIGhhdmUgYmVlbiBpZGVu
dGlmaWVkIGluIEhQRSBOZXR3b3JrIE5vZGUgTWFuYWdlciBpLiBUaGUgdnVsbmVyYWJpbGl0aWVz
IGNvdWxkIGJlIHJlbW90ZWx5IGV4cGxvaXRlZCB0byBhbGxvdyBieXBhc3Mgc2VjdXJpdHkgcmVz
dHJpY3Rpb25zLCBjcm9zcy1zaXRlIHNjcmlwdGluZyAoWFNTKSwgYW5kL29yIFVSTCByZWRpcmVj
dGlvbi4NCg0KUmVmZXJlbmNlczoNCg0KICAtIENWRS0yMDE3LTg5NDggLSByZW1vdGUgYnlwYXNz
IHNlY3VyaXR5IHJlc3RyaWN0aW9ucywgWFNTLCBVUkwgcmVkaXJlY3Rpb24NCg0KU1VQUE9SVEVE
IFNPRlRXQVJFIFZFUlNJT05TKjogT05MWSBpbXBhY3RlZCB2ZXJzaW9ucyBhcmUgbGlzdGVkLg0K
DQogIC0gSFBFIE5ldHdvcmsgTm9kZSBNYW5hZ2VyIEkgKE5OTWkpIFNvZnR3YXJlIC0gdjEwLjB4
LCB2MTAuMXgsIHYxMC4yeA0KDQpCQUNLR1JPVU5EDQoNCiAgQ1ZTUyBCYXNlIE1ldHJpY3MNCiAg
PT09PT09PT09PT09PT09PT0NCiAgUmVmZXJlbmNlLCBDVlNTIFYzIFNjb3JlL1ZlY3RvciwgQ1ZT
UyBWMiBTY29yZS9WZWN0b3INCg0KICAgIENWRS0yMDE3LTg5NDgNCiAgICAgIDkuOCBDVlNTOjMu
MC9BVjpOL0FDOkwvUFI6Ti9VSTpOL1M6VS9DOkgvSTpIL0E6SA0KICAgICAgMTAuMCAoQVY6Ti9B
QzpML0F1Ok4vQzpDL0k6Qy9BOkMpDQoNCiAgICBJbmZvcm1hdGlvbiBvbiBDVlNTIGlzIGRvY3Vt
ZW50ZWQgaW4NCiAgICBIUEUgQ3VzdG9tZXIgTm90aWNlIEhQU04tMjAwOC0wMDIgaGVyZToNCg0K
aHR0cHM6Ly9oMjA1NjQud3d3Mi5ocGUuY29tL2hwc2MvZG9jL3B1YmxpYy9kaXNwbGF5P2RvY0lk
PWVtcl9uYS1jMDEzNDU0OTkNCg0KSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgdGhhbmtzIENh
bHVtIEh1dHRvbiBmb3IgcmVwb3J0aW5nIHRoaXMgaXNzdWUgdG8gc2VjdXJpdHktYWxlcnRAaHBl
LmNvbQ0KDQpSRVNPTFVUSU9ODQoNCkhQRSBoYXMgbWFkZSB0aGUgZm9sbG93aW5nIHNvZnR3YXJl
IHVwZGF0ZXMgYW5kIG1pdGlnYXRpb24gaW5mb3JtYXRpb24gdG8gcmVzb2x2ZSB0aGUgdnVsbmVy
YWJpbGl0eSBpbiBIUEUgTmV0d29yayBOb2RlIE1hbmFnZXIgaToNCg0KQ3VzdG9tZXJzIHVzaW5n
IHY5LlggbXVzdCB1cGdyYWRlIHRvIHYxMC54IGFuZCB0aGVuIGluc3RhbGwgdGhlIHBhdGNoIGJl
bG93Lg0KDQpQYXRjaGVzIGFyZSBhdmFpbGFibGUgdG8gYWRkcmVzcyB0aGUgdnVsbmVyYWJpbGl0
aWVzOg0KDQpGb3IgdjEwLjB4OiBOZXR3b3JrIE5vZGUgTWFuYWdlciBpIDEwLjAwIFBhdGNoIDUN
Cg0KLSAtIExpbnV4Og0KPGh0dHBzOi8vc29mdHdhcmVzdXBwb3J0LmhwZS5jb20vZ3JvdXAvc29m
dHdhcmVzdXBwb3J0L3NlYXJjaC1yZXN1bHQvLS9mYWNldHMNCmFyY2gvZG9jdW1lbnQvS00wMjgw
Mjk1Mj4NCi0gLSBXaW5kb3dzOg0KPGh0dHBzOi8vc29mdHdhcmVzdXBwb3J0LmhwZS5jb20vZ3Jv
dXAvc29mdHdhcmVzdXBwb3J0L3NlYXJjaC1yZXN1bHQvLS9mYWNldHMNCmFyY2gvZG9jdW1lbnQv
S00wMjgwMjk0MD4NCg0KRm9yIHYxMC4xeDogTmV0d29yayBOb2RlIE1hbmFnZXIgaSAxMC4xMCBQ
YXRjaCA0DQoNCi0gLSBMaW51eDoNCjxodHRwczovL3NvZnR3YXJlc3VwcG9ydC5ocGUuY29tL2dy
b3VwL3NvZnR3YXJlc3VwcG9ydC9zZWFyY2gtcmVzdWx0Ly0vZmFjZXRzDQphcmNoL2RvY3VtZW50
L0tNMDI4MDI5NzI+DQotIC0gV2luZG93czoNCjxodHRwczovL3NvZnR3YXJlc3VwcG9ydC5ocGUu
Y29tL2dyb3VwL3NvZnR3YXJlc3VwcG9ydC9zZWFyY2gtcmVzdWx0Ly0vZmFjZXRzDQphcmNoL2Rv
Y3VtZW50L0tNMDI4MDMwMDA+DQoNCkZvciB2MTAuMng6IE5ldHdvcmsgTm9kZSBNYW5hZ2VyIGkg
MTAuMjAgUGF0Y2ggMw0KDQotIC0gTGludXg6DQo8aHR0cHM6Ly9zb2Z0d2FyZXN1cHBvcnQuaHBl
LmNvbS9ncm91cC9zb2Z0d2FyZXN1cHBvcnQvc2VhcmNoLXJlc3VsdC8tL2ZhY2V0cw0KYXJjaC9k
b2N1bWVudC9LTTAyODAyOTMyPg0KLSAtIFdpbmRvd3M6DQo8aHR0cHM6Ly9zb2Z0d2FyZXN1cHBv
cnQuaHBlLmNvbS9ncm91cC9zb2Z0d2FyZXN1cHBvcnQvc2VhcmNoLXJlc3VsdC8tL2ZhY2V0cw0K
YXJjaC9kb2N1bWVudC9LTTAyODAyOTY0Pg0KDQpISVNUT1JZDQpWZXJzaW9uOjEgKHJldi4xKSAt
IDI5IEp1bmUgMjAxNyBJbml0aWFsIHJlbGVhc2UNCg0KVGhpcmQgUGFydHkgU2VjdXJpdHkgUGF0
Y2hlczogVGhpcmQgcGFydHkgc2VjdXJpdHkgcGF0Y2hlcyB0aGF0IGFyZSB0byBiZSBpbnN0YWxs
ZWQgb24gc3lzdGVtcyBydW5uaW5nIEhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlIChIUEUpIHNv
ZnR3YXJlIHByb2R1Y3RzIHNob3VsZCBiZSBhcHBsaWVkIGluIGFjY29yZGFuY2Ugd2l0aCB0aGUg
Y3VzdG9tZXIncyBwYXRjaCBtYW5hZ2VtZW50IHBvbGljeS4NCg0KU3VwcG9ydDogRm9yIGlzc3Vl
cyBhYm91dCBpbXBsZW1lbnRpbmcgdGhlIHJlY29tbWVuZGF0aW9ucyBvZiB0aGlzIFNlY3VyaXR5
IEJ1bGxldGluLCBjb250YWN0IG5vcm1hbCBIUEUgU2VydmljZXMgc3VwcG9ydCBjaGFubmVsLiBG
b3Igb3RoZXIgaXNzdWVzIGFib3V0IHRoZSBjb250ZW50IG9mIHRoaXMgU2VjdXJpdHkgQnVsbGV0
aW4sIHNlbmQgZS1tYWlsIHRvIHNlY3VyaXR5LWFsZXJ0QGhwZS5jb20uDQoNClJlcG9ydDogVG8g
cmVwb3J0IGEgcG90ZW50aWFsIHNlY3VyaXR5IHZ1bG5lcmFiaWxpdHkgZm9yIGFueSBIUEUgc3Vw
cG9ydGVkDQpwcm9kdWN0Og0KICBXZWIgZm9ybTogaHR0cHM6Ly93d3cuaHBlLmNvbS9pbmZvL3Jl
cG9ydC1zZWN1cml0eS12dWxuZXJhYmlsaXR5DQogIEVtYWlsOiBzZWN1cml0eS1hbGVydEBocGUu
Y29tDQoNClN1YnNjcmliZTogVG8gaW5pdGlhdGUgYSBzdWJzY3JpcHRpb24gdG8gcmVjZWl2ZSBm
dXR1cmUgSFBFIFNlY3VyaXR5IEJ1bGxldGluIGFsZXJ0cyB2aWEgRW1haWw6IGh0dHA6Ly93d3cu
aHBlLmNvbS9zdXBwb3J0L1N1YnNjcmliZXJfQ2hvaWNlDQoNClNlY3VyaXR5IEJ1bGxldGluIEFy
Y2hpdmU6IEEgbGlzdCBvZiByZWNlbnRseSByZWxlYXNlZCBTZWN1cml0eSBCdWxsZXRpbnMgaXMg
YXZhaWxhYmxlIGhlcmU6IGh0dHA6Ly93d3cuaHBlLmNvbS9zdXBwb3J0L1NlY3VyaXR5X0J1bGxl
dGluX0FyY2hpdmUNCg0KU29mdHdhcmUgUHJvZHVjdCBDYXRlZ29yeTogVGhlIFNvZnR3YXJlIFBy
b2R1Y3QgQ2F0ZWdvcnkgaXMgcmVwcmVzZW50ZWQgaW4gdGhlIHRpdGxlIGJ5IHRoZSB0d28gY2hh
cmFjdGVycyBmb2xsb3dpbmcgSFBTQi4NCg0KM0MgPSAzQ09NDQozUCA9IDNyZCBQYXJ0eSBTb2Z0
d2FyZQ0KR04gPSBIUEUgR2VuZXJhbCBTb2Z0d2FyZQ0KSEYgPSBIUEUgSGFyZHdhcmUgYW5kIEZp
cm13YXJlDQpNVSA9IE11bHRpLVBsYXRmb3JtIFNvZnR3YXJlDQpOUyA9IE5vblN0b3AgU2VydmVy
cw0KT1YgPSBPcGVuVk1TDQpQViA9IFByb0N1cnZlDQpTVCA9IFN0b3JhZ2UgU29mdHdhcmUNClVY
ID0gSFAtVVgNCg0KQ29weXJpZ2h0IDIwMTYgSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UNCg0K
SGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2Ugc2hhbGwgbm90IGJlIGxpYWJsZSBmb3IgdGVjaG5p
Y2FsIG9yIGVkaXRvcmlhbCBlcnJvcnMgb3Igb21pc3Npb25zIGNvbnRhaW5lZCBoZXJlaW4uIFRo
ZSBpbmZvcm1hdGlvbiBwcm92aWRlZCBpcyBwcm92aWRlZCAiYXMgaXMiIHdpdGhvdXQgd2FycmFu
dHkgb2YgYW55IGtpbmQuIFRvIHRoZSBleHRlbnQgcGVybWl0dGVkIGJ5IGxhdywgbmVpdGhlciBI
UCBvciBpdHMgYWZmaWxpYXRlcywgc3ViY29udHJhY3RvcnMgb3Igc3VwcGxpZXJzIHdpbGwgYmUg
bGlhYmxlIGZvciBpbmNpZGVudGFsLHNwZWNpYWwgb3IgY29uc2VxdWVudGlhbCBkYW1hZ2VzIGlu
Y2x1ZGluZyBkb3dudGltZSBjb3N0OyBsb3N0IHByb2ZpdHM7IGRhbWFnZXMgcmVsYXRpbmcgdG8g
dGhlIHByb2N1cmVtZW50IG9mIHN1YnN0aXR1dGUgcHJvZHVjdHMgb3Igc2VydmljZXM7IG9yIGRh
bWFnZXMgZm9yIGxvc3Mgb2YgZGF0YSwgb3Igc29mdHdhcmUgcmVzdG9yYXRpb24uIFRoZSBpbmZv
cm1hdGlvbiBpbiB0aGlzIGRvY3VtZW50IGlzIHN1YmplY3QgdG8gY2hhbmdlIHdpdGhvdXQgbm90
aWNlLiBIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSBhbmQgdGhlIG5hbWVzIG9mIEhld2xldHQg
UGFja2FyZCBFbnRlcnByaXNlIHByb2R1Y3RzIHJlZmVyZW5jZWQgaGVyZWluIGFyZSB0cmFkZW1h
cmtzIG9mIEhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlIGluIHRoZSBVbml0ZWQgU3RhdGVzIGFu
ZCBvdGhlciBjb3VudHJpZXMuIE90aGVyIHByb2R1Y3QgYW5kIGNvbXBhbnkgbmFtZXMgbWVudGlv
bmVkIGhlcmVpbiBtYXkgYmUgdHJhZGVtYXJrcyBvZiB0aGVpciByZXNwZWN0aXZlIG93bmVycy4N
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUVj
QkFFQkNBQUdCUUpaVlZ4YkFBb0pFTFhoQXh0N1NaYWlHaDhJQUk0U0VCVHpKbmd1VDRxRDBSWENY
NzVXDQp0S0ZCOGQ4MVpwODNEOTFFQXdBelNScnNRMHpWb2dPZlpUakhRRmc2TGdKaktIRERvR1FM
MmZ6c3psZFJITDRuDQovcU5DbWhoR2NXY1BJczZ0aWl3Y1oraGtvWE9UMWZiWHQ4MXJzTmxhTCsv
NnpaK2ZrNzlQaDk5enBIbWFpbjFsDQpxSjJrc296Y05lbW5nc25rYzJ0UnY1VHFCTWp4SWU2Y3o0
WHpSeUFYYXE0NEJCQytxWGJja2FEQ3ZqWUkyampsDQp4a1ZxQUhSVG5LVXZIMWxRUzFSMGxjcTZ3
bDVnNkJXMytXL3F0aHJtcEs3djlZNWRiS1RramV4WkUybFBtdFplDQpiU25Qdnc0ZFkzMlU4NUV4
QlNWaFo3RVJvWDlJUkh4UUJHdExHZVdSeXIxV2EyQ2JURnczOFpwd2lKVnhZams9DQo9MDRvbw0K
LS0tLS1FTkQgUEdQIFNJR05BVFVSRS0tLS0tDQo=