It's worth noting that this vulnerability was first published over two months ago, and it appears Cisco has since released three separate patches for ISE 2.6. There's no indication in release notes that this issue has been addressed for 2.6, which is...

One of our Cisco partners advised that this would be fixed in an upcoming 2.6 patch. Since then, 2.6 patch 5 was released, but does not mention CSCvs65467 in the release notes at all. Does 2.6 patch 5 address this bug?

Unfortunately, this bug page lists neither the affected nor the fixed releases of CSPC (as of 2018-10-05).

This was also confirmed as an issue with 2.2.0.470 through a TAC case, but this bug page doesn't have that documented currently (2018-09-14). Will this bug page be updated, and is there any information on a release date for the 2.2 fix?

I noticed that this bug is listed as "fixed", but there's no information regarding the fix or any software releases that might provide it.So, what's the fix?