Product Updates & Security Announcements

April 13, 2023

At VersaFile we work with our customers to help them plan and manage their Systems, and to ensure any potential vulnerabilities are promptly addressed and any potential risks are mitigated. We track product lifecycle updates and monitor security bulletins as part of our cloud and managed services.

We publish these reports to assist our clients plan and understand the support lifecycle for their current versions and ensure they can continue to receive product support and critical updates.

This page is updated on a regular basis, based on product lifecycle updates and published security bulletins.

Security Announcements
Product Lifecycle Updates

Sign up to receive a notification any time a project update is provided or a Security Bulletin of high severity is posted.

Security Announcements:

Week of March 30, 2023

CVEID	Published	Severity	Description	Products affected	Remediation	APAR list
CVE-2022-3509 CVE-2022-3171	Mar 30	Medium	Multiple Vulnerabilities have been identified in WebSphere Application Server Liberty shipped with Cloud Pak System	IBM Cloud Pak System Software	Apply Interm Fix https://www.ibm.com/support/pages/node/6841847	PH50342
CVE-2022-43680	10-Feb	Critical	Multiple vulnerabilities in the Expat library affect IBM® Db2® Net Search Extender may lead to denial of service or arbitrary code execution. These vulnerabilities have been addressed.	IBM DB2 V9.7, 10.1, 10.5, 11.1	Customers running any vulnerable fixpack level of an affected Program, V9.7, V10.1, V10.5, and v11.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V9.7 FP11, V10.1 FP6, V10.5 FP11, and V11.1.4 FP7. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.
CVE-2022-43930	10-Feb	Critical	IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file. (CVE-2022-43930)	Db2 for Linux, UNIX and Windows	Customers running any vulnerable fixpack level of an affected Program, V10.5, v11.1 and V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V10.5 FP11, V11.1.4 FP7, and V11.5.8. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.
CVE-2022-25887	10-Feb	Critical	Node.js sanitize-html module is vulnerable to a denial of service, caused by insecure global regular expression replacement logic of HTML comment removal. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a Regular Expression Denial of Service (ReDoS).	IBM Business Automation Workflow traditional	Apply DT178158	DT178158
CVE-2023-23477	10-Feb	Critical	WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin.	IBM Business Automation Workflow traditional 8.5 and 9.0	Apply fixpack 9.0.5.8 or 8.5.5.20
CVE-2022-21628	10-Feb	Critical	Multiple Vulnerabilities were disclosed as part of the Oracle October 2022 Critical Patch Update.	ICC for SAP v4.0	Use IBM Content Collector for SAP Applications4.0.0.2-ICCSAP-FP2-JRE-8.0.7.20 Use IBM Content Collector for SAP Applications4.0.0.3-ICCSAP-Base-JRE-8.0.7.20 Use IBM Content Collector for SAP Applications4.0.0.4-ICCSAP-Base-JRE-8.0.7.20

Product Lifecycle Updates:

IBM FileNet P8 Content Platform Engine (CPE) and IBM Content Navigator (ICN)

Component	Release	Long Term Service Release (LTSR)	Release Date	End of Fix Support	End of Service Previous LTSR
CPE	5.5.10	No	12/16/2022	TBA	TBA 5.5.8
ICN	3.0.13	No	12/16/2022	TBA	TBA 5.5.8
CPE	5.5.9	No	6/24/2022	TBA	TBA 5.5.8
ICN	3.0.12	No	6/24/2022	TBA	TBA 3.0.11
CPE	5.5.8	Yes	12/17/2021	TBA	TBA 5.5.4
ICN	3.0.11	Yes	12/17/2021	TBA	TBA 3.0.7
CPE	5.5.7	No	6/25/2021	6/30/2022	TBA 5.5.4
ICN	3.0.10	No	6/25/2021	6/24/2022	TBA 3.0.7
CPE	5.5.6	No	12/18/2020	12/31/2021	TBA 5.5.4
ICN	3.0.9	No	12/18/2020	12/31/2021	TBA 3.0.7
CPE	5.5.5	No	6/26/2020	6/25/2021	TBA 5.5.4
ICN	3.0.8	No	6/26/2020	6/25/2021	TBA 3.0.7
CPE	5.5.4	Yes	12/12/2019	4/30/2023	TBA n.a.
ICN	3.0.7	Yes	12/12/2019	4/30/2023	TBA n.a.
CPE	5.5.3	No	6/28/2019	6/26/2020	TBA n.a.
ICN	3.0.6	No	6/28/2019	6/26/2020	TBA n.a.
CPE	5.5.2	No	12/13/2018	12/13/2019	TBA n.a.
ICN	3.0.5	No	12/13/2018	12/20/2019	TBA n.a.
CPE	5.5.1	No	6/28/2018	6/28/2019	TBA n.a.
ICN	3.0.4	No	3/14/2018	6/21/2019	TBA n.a.
CPE	5.5.0	No	12/7/2017	12/7/2018	TBA n.a.
ICN	3.0.3	No	12/7/2017	4/15/2019	TBA n.a.
ICN	3.0.2	No	9/29/2017	10/16/2018	TBA n.a.
ICN	3.0.1	No	4/2/2017	7/5/2018	TBA n.a.
ICN	3.0.0	No	12/16/2016	6/2/2017	TBA n.a.
CPE	5.2.1	No	10/31/2014	7/5/2019	4/30/2019 n.a.
CPE	5.2.0	No	3/15/2013	1/27/2017	4/30/2019 n.a.

IBM Case Manager

Release	Type	Release Date (GA)	End of Fix Support	End of Support
5.3.x	CD Update	16-Dec-16	12-Nov-19	30-Sep-23

IBM Business Automation Workflow (BAW)

IBM BAW	Publish date	End of support	Eligible for new interim fixes (full support)	Update or Long Term Service Release (LTSR)	Comment
IBM Business Automation Workflow 18.0.0.0	3/23/2018	3/23/2020	No	Update
IBM Business Automation Workflow 18.0.0.1	7/6/2018	7/6/2020	No	Update
IBM Business Automation Workflow 18.0.0.2	12/13/2018	12/13/2020	No	Update
IBM Business Automation Workflow 19.0.0.1	4/4/2019	4/4/2021	No	Update
IBM Business Automation Workflow 19.0.0.2	6/27/2019	6/27/2021	No	Update
IBM Business Automation Workflow 19.0.0.3	12/12/2019	10/31/2022	No (except with extended support contract.)	LTSR	Paid support extensions available through 2023-10-31.
IBM Business Automation Workflow 20.0.0.1	6/26/2020	4/30/2023	No (ended 2021-06-25)	Update
IBM Business Automation Workflow 20.0.0.2	12/18/2020	4/30/2023	Yes (through 2023-04-30)	LTSR	Paid support extensions available through 2024-04-30.
IBM Business Automation Workflow 21.0.2	6/25/2021	6/25/2023	No (ended 2022-06-25)	Update
IBM Business Automation Workflow 21.0.3	12/17/2021	12/17/2024	Yes (through 2024-12-17)	LTSR	Also applies to Recommended Security Update: IBM Business Automation Workflow 21.0.3.1).
IBM Business Automation Workflow 22.0.1	6/24/2022	6/24/2024	Yes (through 2023-06)	Update
IBM Business Automation Workflow 22.0.2	12/16/2022	12/16/2024	Yes (through 2023-06)	Update

IBM Cloud Pak for Business Automation (CP4BA)

Release	Type	Release Date (GA)	End of Fix Support	End of Support
18.0.0	CD Update	Oct. 19, 2018	22-Mar-19	Oct. 20, 2020
18.0.1	CD Update	Dec. 14, 2018	28-Jun-19	Dec. 15, 2020
18.0.2	CD Update	22-Mar-19	Sept. 27, 2019	23-Mar-21
19.0.1	CD Update	28-Jun-19	Dec. 20, 2019	29-Jun-21
19.0.2	CD Update	Sept. 27, 2019	27-Mar-20	Sept. 28, 2021
19.0.3	CD Update	Dec. 20, 2019	26-Jun-20	Dec. 21, 2021
20.0.1	CD Update	27-Mar-20	Dec. 18, 2020	28-Mar-22
20.0.2	CD Update	26-Jun-20	26-Mar-21	27-Jun-22
20.0.3	CD (extended fix life)	Dec. 18, 2020	24-Jun-22	Dec. 19, 2022
21.0.1	CD Update	26-Mar-21	17-Dec-21	27-Mar-23
21.0.2	CD Update	25-Jun-21	24-Jun-22	26-Jun-23
21.0.3	LTSR	Dec. 17, 2021	17-Dec-23	Dec. 18, 2024
22.0.1	CD Update	24-Jun-22	15-Dec-22	25-Jun-24
22.0.2	CD Update	15-Dec-22	*	16-Dec-24

BlueShore Financial Driving Business Growth with Intelligent Automation

DOCUFLOW

INTEGRATIONS

APPLICATIONS

INTELLIGENT AUTOMATION

CAPABILITIES

APPLICATIONS

PROFESSIONAL SERVICES

MANAGED SERVICES

COMPANY

PARTNERS

Product Updates & Security Announcements

Sign up to receive a notification any time a project update is provided or a Security Bulletin of high severity is posted.

Security Announcements:

Product Lifecycle Updates:

Vancouver

Seattle