IBM Support

Fix list for IBM Business Automation Workflow on Cloud - July 2024 Maintenance

Fix Readme


Abstract

The following document is a list of fixes, along with their descriptions, for the IBM Business Automation Workflow on Cloud July 2024 Maintenance. For older maintenance and other related documents, refer to the links in the Related Information section at the bottom of this document.

Content

The IBM Business Automation Workflow on Cloud service will be undergoing a regularly scheduled maintenance window for critical bug fixes and security updates.
 
This maintenance is being deployed by the Cloud Pak for Business Automation as a Service Site Reliability Engineering (SRE) team. The outage to the tenant production RUN environments will be intermittent and limited to 60 minutes or less during the first hour of the maintenance window.
 
WebSphere Application Server fixes for all Business Automation Workflow on Cloud tenants
WebSphere Application Server fixes for all Business Automation Workflow on Cloud tenants
Fix ID Fix Details Additional Pre-requisite Fixes
PH60904 Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2024 CPU N/A
PH59117

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery (CVE-2024-22329)

N/A
PH59781 Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service (CVE-2024-25026) N/A
PH61002 PH61002 replaces PH60195: OIDC v1.5.3; IBM WebSphere Application Server is vulnerable to a denial of service due to jose4j (CVE-2023-51775 CVSS 7.5) N/A
PH61385 Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-50313) N/A
PH61504 Security Bulletin: IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532) N/A
PH61546 Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-35153) N/A
Business Automation Workflow fixes for v23.0.2.0 tenants
Business Automation Workflow fixes for v23.0.2.0 tenants
Fix ID Fix Details Additional Pre-requisite Fixes
DT261360 Security Bulletin: Denial of service vulnerability in Johnzon affects IBM Business Automation Workflow - CVE-2023-33008 N/A
DT271567 Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-51775 DT259767: Deployment Manager startup fails due to missing IBM_BPM_DocumentStore.ear - IBM Business Automation Workflow
DT365552 Security Bulletin: Spring vulnerability in embedded components may affect IBM Business Automation Workflow - CVE-2024-22243 DT259767: Deployment Manager startup fails due to missing IBM_BPM_DocumentStore.ear - IBM Business Automation Workflow
DT378426 Security Bulletin: Vulnerability in jjwt may affect IBM Business Automation Workflow - CVE-2024-31033 N/A
DT378898 Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2024-25710, CVE-2024-26308 N/A
DT380055 Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Business Automation Workflow Configuration Editor N/A
DT380148 Security Bulletin: Multiple vulnerabilities in eclipse jetty affect IBM Business Automation Workflow
DT380377 Security Bulletin: Multiple vulnerabilities in angular.js affect IBM Business Automation Workflow N/A
DT382240 DT382240: SECURITY CROSS-SITE SCRIPTING VULNERABILITY CVE-2024-37528 - IBM Business Automation Workflow
Business Automation Workflow fixes for v21.0.3.1 tenants
Business Automation Workflow fixes for v21.0.3.1 tenants
Fix ID Fix Details Additional Pre-requisite Fixes
DT246679 Security Bulletin: Information Disclosure vulnerability affect IBM Business Automation Workflow - CVE-2023-31582 N/A
DT261360 Security Bulletin: Denial of service vulnerability in Johnzon affects IBM Business Automation Workflow - CVE-2023-33008 N/A
DT271567 Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-51775 N/A
DT365552 Security Bulletin: Spring vulnerability in embedded components may affect IBM Business Automation Workflow - CVE-2024-22243 N/A
DT378426
Security Bulletin: Vulnerability in jjwt may affect IBM Business Automation Workflow - CVE-2024-31033 N/A
DT378898
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2024-25710, CVE-2024-26308 N/A
DT380055 Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Business Automation Workflow Configuration Editor
DT380148 Security Bulletin: Multiple vulnerabilities in eclipse jetty affect IBM Business Automation Workflow
N/A
DT380377 Security Bulletin: Multiple vulnerabilities in angular.js affect IBM Business Automation Workflow Security Bulletin: Multiple vulnerabilities in angular.js may affect IBM Business Automation Workflow ( CVE-2019-14863, CVE-2020-7676, CVE-2019-10768)
DT382240

DT382240: SECURITY CROSS-SITE SCRIPTING VULNERABILITY CVE-2024-37528 - IBM Business Automation Workflow


Note: Clear browser cache before signing in following the maintenance window.

[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSLRPC","label":"IBM Business Automation Workflow on Cloud"},"ARM Category":[{"code":"a8mKe000000GmaiIAC","label":"Maintenance"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
28 June 2024

UID

ibm17159069