IBM Support

Fix list for IBM Business Automation Workflow on Cloud - April 2024 Maintenance

Fix Readme


Abstract

The following document is a list of fixes, along with their descriptions, for the IBM Business Automation Workflow on Cloud April 2024 Maintenance. For older maintenance and other related documents, refer to the links in the Related Information section at the bottom of this document.

Content

The IBM Business Automation Workflow on Cloud service will be undergoing a regularly scheduled maintenance window for critical bug fixes and security updates.
 
This maintenance is being deployed by the Cloud Pak for Business Automation as a Service Site Reliability Engineering (SRE) team. The outage to the tenant production RUN environments will be intermittent and limited to 60 minutes or less during the first hour of the maintenance window.
 
WebSphere Application Server fixes for all Business Automation Workflow on Cloud tenants
WebSphere Application Server fixes for all Business Automation Workflow on Cloud tenants
Fix ID Fix Details Additional Pre-requisite Fixes
IBM WebSphere Application Server V8.5 Fix Pack 8.5.5.25 Fix list for IBM WebSphere Application Server V8.5 Fix Pack 8.5.5.25 N/A
PH59378 Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to January 2024 CPU N/A
PH58869

Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-50313)

 N/A
PH60195 Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to jose4j (CVE-2023-51775) N/A

Back to top

Business Automation Workflow fixes for v23.0.2.0 tenants
Business Automation Workflow fixes for v23.0.2.0 tenants
Fix ID Fix Details Additional Pre-requisite Fixes
DT258606 DT258606: SECURITY DT258606 - CVE-2023-51074 IN BAW FLINK JOBS N/A
DT259647 CVE-2023-51074 - CaseEmitters - json-path is vulnerable to a denial of service - IBM Business Automation Workflow N/A
DT260228 DT260228: Importing or installing a snapshot fails with NullPointerException in Business Automation Workflow V23.0.2 N/A
DT260320 DT260320: Can not edit properties when editing heritage human services in IBM Process Designer - IBM Business Automation Workflow N/A
DT260435 DT260435: The number of operators an XPath expression can contain exceeds the limit of 100 - IBM Business Automation Workflow N/A
DT260813 DT260813: The IBM Content Navigator application bundled by IBM Business Automation Workflow references esapi.jar which is vulnerable DT259767: Deployment Manager startup fails due to missing IBM_BPM_DocumentStore.ear - IBM Business Automation Workflow
DT260877 DT260877: Security vulnerability in postcss-8.4.22 affects IBM Business Automation Workflow DT259434: Unable to create a snapshot in web Process Designer - IBM Business Automation Workflow
DT261525 DT261525: YOU MAY SEE THAT SNAPSHOTS ARE NOT DISPLAYED AS EXPECTED FOR A PAGE IN THE PROCESS ADMIN CONSOLE DT259434: Unable to create a snapshot in web Process Designer - IBM Business Automation Workflow
DT261837 Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js affect IBM Business Automation Workflow N/A

Back to top

Business Automation Workflow fixes for v21.0.3.1 tenants
Business Automation Workflow fixes for v21.0.3.1 tenants
Fix ID Fix Details Additional Pre-requisite Fixes
DT174091 DT174091: Prevent unique constraint violated for table LSW_USR_GRP_XREF when importing a Process Application N/A
DT224687 DT224687: Multiple CVEs in rules SDK affect Business Automation Workflow - IBM Business Automation Workflow N/A
DT237229 DT237229: SECURITY - MULTIPLE VULNERABILITIES IN OPEN SOURCE LIBRARIES RELATED TO DECISIONS MIGHT AFFECT IBM BUSINESS AUTOMATION WORKFLOW N/A
DT258290 Security Bulletin: vulnerability in jackson-core might affect IBM Business Automation Workflow - PRISMA-2023-0067 N/A
DT258606
 DT258606: SECURITY DT258606 - CVE-2023-51074 IN BAW FLINK JOBS N/A
DT259647
 CVE-2023-51074 - CaseEmitters - json-path is vulnerable to a denial of service - IBM Business Automation Workflow N/A
DT260813 DT260813: The IBM Content Navigator application bundled by IBM Business Automation Workflow references esapi.jar which is vulnerable

DT257955: Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-34623
DT260877 DT260877: Security vulnerability in postcss-8.4.22 affects IBM Business Automation Workflow
DT261837 Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js affect IBM Business Automation Workflow
DT363581

Security Bulletin: Incorrect authorization vulnerability affect IBM Business Automation Workflow - CVE-2023-47716

 N/A

Back to top

Business Automation Workflow fixes for v21.0.3.0 tenants
Business Automation Workflow fixes for v21.0.3.0 tenants
Fix ID Fix Details Additional Pre-requisite Fixes
DT261837

Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js affect IBM Business Automation Workflow

Back to top


Note: Clear browser cache before signing in following the maintenance window.

[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSLRPC","label":"IBM Business Automation Workflow on Cloud"},"ARM Category":[{"code":"a8mKe000000GmaiIAC","label":"Maintenance"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
28 June 2024

UID

ibm17146523

Page Feedback