The notice has fix for CER 11

rehan1786 · ‎03-31-2017

Bug Search Bug Search Tool - Cisco

Evaluation of e911-chicago for struts2-jakarta vulnerability

CSCvd51442

Bug Search Bug Search Tool - Cisco

Conditions:
Exposure is not configuration dependent.
This vulnerability affects 11.0 and 11.5 releases only.

Bug Search Bug Search Tool - Cisco

Last Modified:

Mar 24,2017

Status:

Fixed

Severity:

2 Severe

Product:

(1)

Cisco Emergency Responder

Support Cases:

2

Known Affected Releases:

(1)

12.0(0.98000.50)

Known Fixed Releases:

(1)

12.0(0.98000.55)

My Only question whether is it impacting 11.5 version or not. Because its not very clear Know affected release its only stated 12.0 version.

Can someone please verify.

Thanks,

Rehan

Jaime Valencia · ‎03-31-2017

The list of affected products that have been confirmed, is in the security advisory from the bug

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2

HTH

java

if this helps, please rate

rehan1786 · ‎03-31-2017

Thanks Jaime,

But as per cisco 12.0 version is not released yet.

Erick Bergquist · ‎03-31-2017

The notice has fix for CER 11.5 with date of April 10th 2017.

The Call Manager fix has date of 3-31-2017 but I see no update patches on CCO for Call Manager build 11.5.1.13900 yet which should be SU3.

Same for IM&Presence, the bug mentions fix 3-23-2017 in 11.5.1.13900 but no 13900 version on CCO yet for download as of 11pm MT 3-31-2017.

Are there going to patches for Call Manager, CER, and Unity Connection 11.0.x for this?

Erick