Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
656
Views
0
Helpful
1
Replies

CSCvk30822 - Cisco Prime License Manager SQL Injection Vulnerability

Ciscollab_Amit
Level 4
Level 4

‎12-19-2018 05:34 AM - edited ‎12-19-2018 05:37 AM

Hello,

 

While reading the Readme for the COP file to address the vulnerability CSCvk30822 related to PLM server. https://www.cisco.com/web/software/284832458/133825/ciscocm.CSCvk30822_v1.0.k3.cop.sgn.Readme-Rev2.pdf

to address this vulnerability, it says that 

 

**Warning – Installing this COP will disable some functionality**

 

Installing this COP file will disable the Backup, Restore, and Install/Upgrade functionality in standalone PLM deployments. If you install this COP to remediate CVE-2018-15441, you must install the ciscocm.CSCvk30822_v2.0.k3.cop.sgn COP to restore that functionality. The ciscocm.CSCvk30822_v2.0.k3.cop.sgn COP file will be released on or about the week of December 17.

However, the V2 COP file is still unavailable. Anyone has the luck to receive this COP file or if someone could publish this  ciscocm.CSCvk30822_v2.0.k3.cop.sgn COP file?

 

This vulnerability looks to be resolved in ELM.11.5(1.16001.2). However, this upgrade file is unavailable via Software Downloads Page. 

 

In short, it would be great if someone could publish the V2 COP file, as I have already installed the  ciscocm.CSCvk30822_v1.0.k3.cop.sgn file on the Standalone PLM. Or is it too early to ask for.

 

Cheers,

Amit

 

Labels:
0 Helpful
1 Reply 1

pradorobin
Level 1
Level 1

‎02-12-2019 10:31 AM

For anyone still searching for this, I found it here.  Released Dec 19, 2018.

software.cisco.com/download/redirect?i=!s&imageGuId=DF7395294C98BAD9A377F209E4C6F50A1C5856A5

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents