Addressing CVE-2018-13820 and CVE-2018-13819 Vulnerabilities

This release of CA UIM addresses the CVE-2018-13820 and CVE-2018-13819 vulnerabilities. CVE-2018-13820 concerns a hard-coded passphrase, which is now externalized to data_engine; the probes that connect to the database now use the externalized passphrase. CVE-2018-13819 concerns a hard-coded secret key in the ppm probe, which is also addressed as part of this release. The following items have been explicitly updated for this functionality:
  • ace 9.03
  • alarm_routing_service 10.20
  • apmgtw 3.22
  • audit 9.03
  • axagateway 1.35
  • cabi 3.32
  • cisco_ucm 2.00
  • cm_data_import 9.02
  • data_engine 9.02
  • discovery_agent 9.02
  • discovery_server 9.02
  • ems 10.20
  • maintenance_mode 9.02
  • mon_config_service 9.02
  • mpse 9.02
  • nas 9.06
  • nis_server 9.03
  • ppm 3.49
  • qos_processor 9.02
  • sla_engine 9.02
  • telemetry 1.22
  • trellis 9.02
  • udm_manager 9.02
  • uimapi 9.02
  • usage_metering 9.21
  • wasp 9.02
  • webservices_rest 9.02