End of Support Reminder
Micro Focus have issued an End of Support Reminder for its Content Manager versions. Below outlines the dates for End of Committed Support for all current versions of Content Manager.
Note that End of Committed support means you will still be able to receive technical support and software updates (i.e. Major, Minor, Service Packs, Suite releases and existing Patches and Hotfixes) after the End of Committed Support date, so long as you have an active support agreement. However, you will not be able to receive defect support (new Patches and Hotfixes), critical security updates or enhancement requests after the End of Committed Support date.
iCognition recommends that if your organisation is on version 9.1 or 9.2, that you plan for an upgrade in 2020.
|Content Manager Version||Released||End of Committed Support|
|Content Manager 9.0.x||Jul 11, 2016||Sep 30, 2019|
|Content Manager 9.1.x||Nov 29, 2016||Feb 28, 2020|
|Content Manager 9.2.x||Nov 30, 2017||Dec 31, 2020|
|Content Manager 9.3.x||Aug 01, 2018||Aug 31, 2021|
|Content Manager 9.4.x||Aug 30, 2019||Sep 30, 2022|
Content Manager Security Bulletin
Micro Focus has issued a security advisory for Content Manager (KM03489552 Micro Focus content manager, CVE-2019-11653). An access control bypass vulnerability has been identified in the Web Client component of Content Manager, affecting version 9.1 prior to 220.127.116.11, 9.2 prior to 18.104.22.168 and 9.3 prior to 22.214.171.124. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request. Existing mitigation information: To successfully exploit the vulnerability requires the attacker to have access to generally protected or inaccessible information, including having an active user account themselves, knowledge of internal identifiers of targeted user(s), and the name of files other users are actively operating against. In addition, the attacker has a limited time window to exploit the vulnerability during concurrent user activity, which can be further minimized by the system administrator via configuration.
Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Content Manager:
- For 9.1.x, please upgrade to CONTENT_MANAGER_9.10_PATCH_6_HOTFIX_6 or newer
- For 9.2.x, please upgrade to CONTENT_MANAGER_9.20_PATCH_3_HOTFIX_2 or newer
- For 9.3.x, please upgrade to CONTENT_MANAGER_9.30_PATCH_2_HOTFIX_3 or newer
Please contact us if you need this patch applied to your system.