IBM Support

Fix list for IBM Business Automation Workflow on Cloud - January 2025 Maintenance

Fix Readme


Abstract

The following document is a list of fixes, along with their descriptions, for the IBM Business Automation Workflow on Cloud January 2025 Maintenance. For older maintenance and other related documents, refer to the links in the Related Information section at the bottom of this document.

Content

The IBM Business Automation Workflow on Cloud service will be undergoing a regularly scheduled maintenance window for critical bug fixes and security updates.
 
This maintenance is being deployed by the Cloud Pak for Business Automation as a Service Site Reliability Engineering (SRE) team. The outage to the tenant production RUN environments will be intermittent and limited to 60 minutes or less during the first hour of the maintenance window.
 
WebSphere Application Server fixes for all Business Automation Workflow on Cloud tenants
WebSphere Application Server fixes for all Business Automation Workflow on Cloud tenants
Fix ID Fix Details Additional Pre-requisite Fixes
PH63897 Security Bulletin: Vulnerability in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to October 2024 CPU N/A
PH62753 IBM WebSphere Application Server is vulnerable to a denial of service (CVE-2024-45085 CVSS 5.9) N/A
PH63541  IBM WEBSPHERE APPLICATION SERVER IS VULNERABLE TO AN XML EXTERNAL ENTITY INJECTION (XXE) VULNERABILITY (CVE-2024-45072 CVSS 5.5) N/A
PH63540 IBM WebSphere Application Server is vulnerable to stored cross-site scripting (CVE-2024-45071 CVSS 5.5) N/A
PH62937

IBM WebSphere Application Server is vulnerable to stored cross-site scripting (CVE-2024-45073 CVSS 4.8)

 N/A
PH63032 

IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)

 N/A
PH62952

IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-45087 CVSS 4.8)

 N/A

Back to top

Business Automation Workflow fixes for v24.0.0.0 tenants

Back to top

Business Automation Workflow fixes for v21.0.3.1 tenants
Business Automation Workflow fixes for v21.0.3.1 tenants
Fix ID Fix Details Additional Pre-requisite Fixes
DT220319 [DT220319] PERFORMANCE DEGRADATION WHEN RUNNING REST API (DELETE) /OPS/STD/BPM/PROCESSES OR RUNNING BPMPROCESSINSTANCESPURGE COMMAND N/A
DT397840  [DT397840] CVE-2024-22262, CVE-2024-38809 in Spring Framework IBM Business Automation Workflow N/A
DT396249 DT396249 CVE-2024-39338 in axios affects IBM Business Automation Studio and Workflow Center - IBM Business Automation Workflow

Back to top


Note: Clear browser cache before signing in following the maintenance window.

[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSLRPC","label":"IBM Business Automation Workflow on Cloud"},"ARM Category":[{"code":"a8mKe000000GmaiIAC","label":"Maintenance"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
16 December 2024

UID

ibm17178831

Page Feedback