[security bulletin] HPESBHF03745 rev.3 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v
dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp
cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj
L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzQ1ZW5fdXMN
Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j
dW1lbnQgSUQ6IGhwZXNiaGYwMzc0NWVuX3VzDQpWZXJzaW9uOiAzDQoNCkhQRVNCSEYw
Mzc0NSByZXYuMyAtIEhQRSBJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENlbnRlciAoaU1D
KSBQTEFULCBSZW1vdGUNCkNvZGUgRXhlY3V0aW9uDQoNCk5PVElDRTogVGhlIGluZm9y
bWF0aW9uIGluIHRoaXMgU2VjdXJpdHkgQnVsbGV0aW4gc2hvdWxkIGJlIGFjdGVkIHVw
b24gYXMNCnNvb24gYXMgcG9zc2libGUuDQoNClJlbGVhc2UgRGF0ZTogMjAxNy0wNy0y
Mg0KTGFzdCBVcGRhdGVkOiAyMDE3LTA3LTIxDQoNClBvdGVudGlhbCBTZWN1cml0eSBJ
bXBhY3Q6IFJlbW90ZTogQ29kZSBFeGVjdXRpb24NCg0KU291cmNlOiBIZXdsZXR0IFBh
Y2thcmQgRW50ZXJwcmlzZSwgUHJvZHVjdCBTZWN1cml0eSBSZXNwb25zZSBUZWFtDQoN
ClZVTE5FUkFCSUxJVFkgU1VNTUFSWQ0KUG90ZW50aWFsIHNlY3VyaXR5IHZ1bG5lcmFi
aWxpdGllcyBoYXZlIGJlZW4gaWRlbnRpZmllZCBpbiBIUEUgSW50ZWxsaWdlbnQNCk1h
bmFnZW1lbnQgQ2VudGVyIChpTUMpIFBMQVQuIFRoZSB2dWxuZXJhYmlsaXRpZXMgY291
bGQgYmUgZXhwbG9pdGVkIHJlbW90ZWx5DQp0byBhbGxvdyBleGVjdXRpb24gb2YgY29k
ZS4NCg0KUmVmZXJlbmNlczoNCg0KICAtIENWRS0yMDE3LTU4MTYNCiAgLSBDVkUtMjAx
Ny01ODE3DQogIC0gQ1ZFLTIwMTctNTgxOA0KICAtIENWRS0yMDE3LTU4MTkNCiAgLSBD
VkUtMjAxNy04OTU2IC0gWkRJLUNBTi00MzY4DQoNClNVUFBPUlRFRCBTT0ZUV0FSRSBW
RVJTSU9OUyo6IE9OTFkgaW1wYWN0ZWQgdmVyc2lvbnMgYXJlIGxpc3RlZC4NCg0KICAt
IEhQIEludGVsbGlnZW50IE1hbmFnZW1lbnQgQ2VudGVyIChpTUMpIEFsbCB2ZXJzaW9u
cyBwcmlvciB0byBJTUMgUExBVCA3LjMNCkUwNTA0UDA0IC0gUGxlYXNlIHJlZmVyIHRv
IHRoZSBSRVNPTFVUSU9OIGJlbG93IGZvciBhIGxpc3Qgb2YgaW1wYWN0ZWQNCnByb2R1
Y3RzLiANCg0KQkFDS0dST1VORA0KDQogIENWU1MgQmFzZSBNZXRyaWNzDQogID09PT09
PT09PT09PT09PT09DQogIFJlZmVyZW5jZSwgQ1ZTUyBWMyBTY29yZS9WZWN0b3IsIENW
U1MgVjIgU2NvcmUvVmVjdG9yDQoNCiAgICBDVkUtMjAxNy01ODE2DQogICAgICA5Ljgg
Q1ZTUzozLjAvQVY6Ti9BQzpML1BSOk4vVUk6Ti9TOlUvQzpIL0k6SC9BOkgNCiAgICAg
IDEwLjAgKEFWOk4vQUM6TC9BdTpOL0M6Qy9JOkMvQTpDKQ0KDQogICAgQ1ZFLTIwMTct
NTgxNw0KICAgICAgOS44IENWU1M6My4wL0FWOk4vQUM6TC9QUjpOL1VJOk4vUzpVL0M6
SC9JOkgvQTpIDQogICAgICAxMC4wIChBVjpOL0FDOkwvQXU6Ti9DOkMvSTpDL0E6QykN
Cg0KICAgIENWRS0yMDE3LTU4MTgNCiAgICAgIDcuNSBDVlNTOjMuMC9BVjpOL0FDOkwv
UFI6Ti9VSTpOL1M6VS9DOk4vSTpOL0E6SA0KICAgICAgNy44IChBVjpOL0FDOkwvQXU6
Ti9DOk4vSTpOL0E6QykNCg0KICAgIENWRS0yMDE3LTU4MTkNCiAgICAgIDkuOCBDVlNT
OjMuMC9BVjpOL0FDOkwvUFI6Ti9VSTpOL1M6VS9DOkgvSTpIL0E6SA0KICAgICAgMTAu
MCAoQVY6Ti9BQzpML0F1Ok4vQzpDL0k6Qy9BOkMpDQoNCiAgICBDVkUtMjAxNy04OTU2
DQogICAgICA5LjggQ1ZTUzozLjAvQVY6Ti9BQzpML1BSOk4vVUk6Ti9TOlUvQzpIL0k6
SC9BOkgNCiAgICAgIDEwLjAgKEFWOk4vQUM6TC9BdTpOL0M6Qy9JOkMvQTpDKQ0KDQog
ICAgSW5mb3JtYXRpb24gb24gQ1ZTUyBpcyBkb2N1bWVudGVkIGluDQogICAgSFBFIEN1
c3RvbWVyIE5vdGljZSBIUFNOLTIwMDgtMDAyIGhlcmU6DQoNCmh0dHBzOi8vaDIwNTY0
Lnd3dzIuaHBlLmNvbS9ocHNjL2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEt
YzAxMzQ1NDk5DQoNCkhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlIHRoYW5rcyBzenRp
dmkgZm9yIHdvcmtpbmcgd2l0aCBUcmVuZCBNaWNybydzIFplcm8NCkRheSBJbml0aWF0
aXZlIChaREkpIGZvciByZXBvcnRpbmcgdGhlc2UgdnVsbmVyYWJpbGl0aWVzIHRvDQpz
ZWN1cml0eS1hbGVydEBocGUuY29tDQoNClJFU09MVVRJT04NCg0KSFBFIGhhcyBtYWRl
IHRoZSBmb2xsb3dpbmcgc29mdHdhcmUgdXBkYXRlIGF2YWlsYWJsZSB0byByZXNvbHZl
IHRoZQ0KdnVsbmVyYWJpbGl0aWVzIGluIHRoZSBpTUMgUExBVCBuZXR3b3JrIHByb2R1
Y3RzIGxpc3RlZC4gDQoNCiAgKyAqKmlNQyBQTEFUIC0gVmVyc2lvbjogRml4ZWQgaW4g
SU1DIFBMQVQgNy4zIEUwNTA0UDA0KioNCiAgICAqIEhQIE5ldHdvcmsgUHJvZHVjdHMN
CiAgICAgIC0gSkQxMjVBICBIUCBJTUMgU3RkIFMvVyBQbGF0Zm9ybSB3LzEwMC1ub2Rl
DQogICAgICAtIEpEMTI2QSAgSFAgSU1DIEVudCBTL1cgUGxhdGZvcm0gdy8xMDAtbm9k
ZQ0KICAgICAgLSBKRDgwOEEgIEhQIElNQyBFbnQgUGxhdGZvcm0gdy8xMDAtbm9kZSBM
aWNlbnNlDQogICAgICAtIEpEODE0QSAgIEhQIEEtSU1DIEVudGVycHJpc2UgRWRpdGlv
biBTb2Z0d2FyZSBEVkQgTWVkaWENCiAgICAgIC0gSkQ4MTVBICBIUCBJTUMgU3RkIFBs
YXRmb3JtIHcvMTAwLW5vZGUgTGljZW5zZQ0KICAgICAgLSBKRDgxNkEgIEhQIEEtSU1D
IFN0YW5kYXJkIEVkaXRpb24gU29mdHdhcmUgRFZEIE1lZGlhDQogICAgICAtIEpGMjg4
QUFFICBIUCBOZXR3b3JrIERpcmVjdG9yIHRvIEludGVsbGlnZW50IE1hbmFnZW1lbnQg
Q2VudGVyDQpVcGdyYWRlIEUtTFRVDQogICAgICAtIEpGMjg5QUFFICBIUCBFbnRlcnBy
aXNlIE1hbmFnZW1lbnQgU3lzdGVtIHRvIEludGVsbGlnZW50IE1hbmFnZW1lbnQNCkNl
bnRlciBVcGdyYWRlIEUtTFRVDQogICAgICAtIEpGMzc3QSAgSFAgSU1DIFN0ZCBTL1cg
UGxhdGZvcm0gdy8xMDAtbm9kZSBMaWMNCiAgICAgIC0gSkYzNzdBQUUgIEhQIElNQyBT
dGQgUy9XIFBsdGZybSB3LzEwMC1ub2RlIEUtTFRVDQogICAgICAtIEpGMzc4QSAgSFAg
SU1DIEVudCBTL1cgUGxhdGZvcm0gdy8yMDAtbm9kZSBMaWMNCiAgICAgIC0gSkYzNzhB
QUUgIEhQIElNQyBFbnQgUy9XIFBsdGZybSB3LzIwMC1ub2RlIEUtTFRVDQogICAgICAt
IEpHNTQ2QUFFICBIUCBJTUMgQmFzaWMgU1cgUGxhdGZvcm0gdy81MC1ub2RlIEUtTFRV
DQogICAgICAtIEpHNTQ4QUFFICBIUCBQQ00rIHRvIElNQyBCc2MgVXBnciB3LzUwLW5v
ZGUgRS1MVFUNCiAgICAgIC0gSkc1NDlBQUUgIEhQIFBDTSsgdG8gSU1DIFN0ZCBVcGdy
IHcvMjAwLW5vZGUgRS1MVFUNCiAgICAgIC0gSkc3NDdBQUUgIEhQIElNQyBTdGQgU1cg
UGxhdCB3LyA1MCBOb2RlcyBFLUxUVQ0KICAgICAgLSBKRzc0OEFBRSAgSFAgSU1DIEVu
dCBTVyBQbGF0IHcvIDUwIE5vZGVzIEUtTFRVDQogICAgICAtIEpHNzY4QUFFICBIUCBQ
Q00rIHRvIElNQyBTdGQgVXBnIHcvIDIwMC1ub2RlIEUtTFRVDQogICAgICAtIEpHNTUw
QUFFIEhQRSBQQ00rIE1vYmlsaXR5IE1hbmFnZXIgdG8gSU1DIEJhc2ljIFdMQU4gUGxh
dGZvcm0gVXBncmFkZQ0KNTAtbm9kZSBhbmQgMTUwLUFQIEUtTFRVDQogICAgICAtIEpH
NTkwQUFFIEhQRSBJTUMgQmFzaWMgV0xBTiBNYW5hZ2VyIFNvZnR3YXJlIFBsYXRmb3Jt
IDUwIEFjY2VzcyBQb2ludA0KRS1MVFUNCiAgICAgIC0gSkc2NjBBQUUgSFAgSU1DIFNt
YXJ0IENvbm5lY3Qgd2l0aCBXaXJlbGVzcyBNYW5hZ2VyIFZpcnR1YWwgQXBwbGlhbmNl
DQpFZGl0aW9uIEUtTFRVDQogICAgICAtIEpHNzY2QUFFIEhQIElNQyBTbWFydCBDb25u
ZWN0IFZpcnR1YWwgQXBwbGlhbmNlIEVkaXRpb24gRS1MVFUNCiAgICAgIC0gSkc3NjdB
QUUgSFAgSU1DIFNtYXJ0IENvbm5lY3Qgd2l0aCBXaXJlbGVzcyBNYW5hZ2VyIFZpcnR1
YWwgQXBwbGlhbmNlDQpFZGl0aW9uIEUtTFRVDQogICAgICAtIEpHNzY4QUFFIEhQRSBQ
Q00rIHRvIElNQyBTdGFuZGFyZCBTb2Z0d2FyZSBQbGF0Zm9ybSBVcGdyYWRlIHdpdGgN
CjIwMC1ub2RlIEUtTFRVDQoNCioqTm90ZToqKiBQbGVhc2UgY29udGFjdCBIUEUgVGVj
aG5pY2FsIFN1cHBvcnQgaWYgYW55IGFzc2lzdGFuY2UgaXMgbmVlZGVkDQphY3F1aXJp
bmcgdGhlIHNvZnR3YXJlIHVwZGF0ZXMuDQoNCkhJU1RPUlkNCg0KVmVyc2lvbjoxIChy
ZXYuMSkgLSAxMSBNYXkgMjAxNyBJbml0aWFsIHJlbGVhc2UNCg0KVmVyc2lvbjoyIChy
ZXYuMikgLSAyNiBKdW5lIDIwMTcgQWRkaW5nIFpESS1DQU4tNDM2OCB0byBTZWN1cml0
eSBCdWxsZXRpbi4NCg0KVmVyc2lvbjozIChyZXYuMykgLSAyMSBKdWx5IDIwMTcgQW1l
bmRlZCBpbmNvcnJlY3QgQ1ZFIG51bWJlcg0KDQoNClRoaXJkIFBhcnR5IFNlY3VyaXR5
IFBhdGNoZXM6IFRoaXJkIHBhcnR5IHNlY3VyaXR5IHBhdGNoZXMgdGhhdCBhcmUgdG8g
YmUNCmluc3RhbGxlZCBvbiBzeXN0ZW1zIHJ1bm5pbmcgSGV3bGV0dCBQYWNrYXJkIEVu
dGVycHJpc2UgKEhQRSkgc29mdHdhcmUNCnByb2R1Y3RzIHNob3VsZCBiZSBhcHBsaWVk
IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgY3VzdG9tZXIncyBwYXRjaCBtYW5hZ2VtZW50
DQpwb2xpY3kuDQoNClN1cHBvcnQ6IEZvciBpc3N1ZXMgYWJvdXQgaW1wbGVtZW50aW5n
IHRoZSByZWNvbW1lbmRhdGlvbnMgb2YgdGhpcyBTZWN1cml0eQ0KQnVsbGV0aW4sIGNv
bnRhY3Qgbm9ybWFsIEhQRSBTZXJ2aWNlcyBzdXBwb3J0IGNoYW5uZWwuIEZvciBvdGhl
ciBpc3N1ZXMgYWJvdXQNCnRoZSBjb250ZW50IG9mIHRoaXMgU2VjdXJpdHkgQnVsbGV0
aW4sIHNlbmQgZS1tYWlsIHRvIHNlY3VyaXR5LWFsZXJ0QGhwZS5jb20uDQoNClJlcG9y
dDogVG8gcmVwb3J0IGEgcG90ZW50aWFsIHNlY3VyaXR5IHZ1bG5lcmFiaWxpdHkgZm9y
IGFueSBIUEUgc3VwcG9ydGVkDQpwcm9kdWN0Og0KICBXZWIgZm9ybTogaHR0cHM6Ly93
d3cuaHBlLmNvbS9pbmZvL3JlcG9ydC1zZWN1cml0eS12dWxuZXJhYmlsaXR5DQogIEVt
YWlsOiBzZWN1cml0eS1hbGVydEBocGUuY29tDQoNClN1YnNjcmliZTogVG8gaW5pdGlh
dGUgYSBzdWJzY3JpcHRpb24gdG8gcmVjZWl2ZSBmdXR1cmUgSFBFIFNlY3VyaXR5IEJ1
bGxldGluDQphbGVydHMgdmlhIEVtYWlsOiBodHRwOi8vd3d3LmhwZS5jb20vc3VwcG9y
dC9TdWJzY3JpYmVyX0Nob2ljZQ0KDQpTZWN1cml0eSBCdWxsZXRpbiBBcmNoaXZlOiBB
IGxpc3Qgb2YgcmVjZW50bHkgcmVsZWFzZWQgU2VjdXJpdHkgQnVsbGV0aW5zIGlzDQph
dmFpbGFibGUgaGVyZTogaHR0cDovL3d3dy5ocGUuY29tL3N1cHBvcnQvU2VjdXJpdHlf
QnVsbGV0aW5fQXJjaGl2ZQ0KDQpTb2Z0d2FyZSBQcm9kdWN0IENhdGVnb3J5OiBUaGUg
U29mdHdhcmUgUHJvZHVjdCBDYXRlZ29yeSBpcyByZXByZXNlbnRlZCBpbg0KdGhlIHRp
dGxlIGJ5IHRoZSB0d28gY2hhcmFjdGVycyBmb2xsb3dpbmcgSFBTQi4NCg0KM0MgPSAz
Q09NDQozUCA9IDNyZCBQYXJ0eSBTb2Z0d2FyZQ0KR04gPSBIUEUgR2VuZXJhbCBTb2Z0
d2FyZQ0KSEYgPSBIUEUgSGFyZHdhcmUgYW5kIEZpcm13YXJlDQpNVSA9IE11bHRpLVBs
YXRmb3JtIFNvZnR3YXJlDQpOUyA9IE5vblN0b3AgU2VydmVycw0KT1YgPSBPcGVuVk1T
DQpQViA9IFByb0N1cnZlDQpTVCA9IFN0b3JhZ2UgU29mdHdhcmUNClVYID0gSFAtVVgN
Cg0KQ29weXJpZ2h0IDIwMTYgSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UNCg0KSGV3
bGV0dCBQYWNrYXJkIEVudGVycHJpc2Ugc2hhbGwgbm90IGJlIGxpYWJsZSBmb3IgdGVj
aG5pY2FsIG9yIGVkaXRvcmlhbA0KZXJyb3JzIG9yIG9taXNzaW9ucyBjb250YWluZWQg
aGVyZWluLiBUaGUgaW5mb3JtYXRpb24gcHJvdmlkZWQgaXMgcHJvdmlkZWQNCiJhcyBp
cyIgd2l0aG91dCB3YXJyYW50eSBvZiBhbnkga2luZC4gVG8gdGhlIGV4dGVudCBwZXJt
aXR0ZWQgYnkgbGF3LCBuZWl0aGVyDQpIUCBvciBpdHMgYWZmaWxpYXRlcywgc3ViY29u
dHJhY3RvcnMgb3Igc3VwcGxpZXJzIHdpbGwgYmUgbGlhYmxlIGZvcg0KaW5jaWRlbnRh
bCxzcGVjaWFsIG9yIGNvbnNlcXVlbnRpYWwgZGFtYWdlcyBpbmNsdWRpbmcgZG93bnRp
bWUgY29zdDsgbG9zdA0KcHJvZml0czsgZGFtYWdlcyByZWxhdGluZyB0byB0aGUgcHJv
Y3VyZW1lbnQgb2Ygc3Vic3RpdHV0ZSBwcm9kdWN0cyBvcg0Kc2VydmljZXM7IG9yIGRh
bWFnZXMgZm9yIGxvc3Mgb2YgZGF0YSwgb3Igc29mdHdhcmUgcmVzdG9yYXRpb24uIFRo
ZQ0KaW5mb3JtYXRpb24gaW4gdGhpcyBkb2N1bWVudCBpcyBzdWJqZWN0IHRvIGNoYW5n
ZSB3aXRob3V0IG5vdGljZS4gSGV3bGV0dA0KUGFja2FyZCBFbnRlcnByaXNlIGFuZCB0
aGUgbmFtZXMgb2YgSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgcHJvZHVjdHMNCnJl
ZmVyZW5jZWQgaGVyZWluIGFyZSB0cmFkZW1hcmtzIG9mIEhld2xldHQgUGFja2FyZCBF
bnRlcnByaXNlIGluIHRoZSBVbml0ZWQNClN0YXRlcyBhbmQgb3RoZXIgY291bnRyaWVz
LiBPdGhlciBwcm9kdWN0IGFuZCBjb21wYW55IG5hbWVzIG1lbnRpb25lZCBoZXJlaW4N
Cm1heSBiZSB0cmFkZW1hcmtzIG9mIHRoZWlyIHJlc3BlY3RpdmUgb3duZXJzLg0KLS0t
LS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEKCmlRRWNC
QUVCQ0FBR0JRSlpjbCsxQUFvSkVMWGhBeHQ3U1phaVFBOElBS0ZSWWR5amRnVk9XVEJv
eHdJZzRyRGwKY1B0VzNYUTZJekVOL3o0R1FtSHJXWGl6ZmZEeUN3ZXYzRFRPRm00d1lw
MXcxZWMzbTNxbkJidkpHTFI0Qmg4MwpzWGZSN0g1UDFhOGcydWNFRlB3cEI0T0lxMGZk
S1hFUkM2Z3pTWDBxRWNpMDkySTRhejB4OFVRcDhMZDJMYmRPCjhsMVJBWEJoR2xIWWVa
MEltSnlYWlV3QnlKSXJPUElPcEppZm02WDV0SDFwOHlJbzhwS2pGZEhTL2t0ZCtoYkIK
UnA4bmFxVUw3RGFRR25UMWdGSGZyVVhhNjBDTWlmRldSWE5TSFkvWUkyTVhjZlV1YVhI
Ry94TmNqSkpDSTZEVApWeldOQ1hkQlpIZzA3VEhJV1ZhdWtlUnNDWEpHekpjZ2RjS1V5
QVg2SEgweWw4dXN4dktaOWxtTTFyMGdtaDg9Cj0yVi9MCi0tLS0tRU5EIFBHUCBTSUdO
QVRVUkUtLS0tLQo=