MicroFocus Updates

Content Manager End of Committed Support Dates and Security Bulletin

End of Support Reminder

Micro Focus have issued an End of Support Reminder for its Content Manager versions. Below outlines the dates for End of Committed Support for all current versions of Content Manager.

Note that End of Committed support means you will still be able to receive technical support and software updates (i.e. Major, Minor, Service Packs, Suite releases and existing Patches and Hotfixes) after the End of Committed Support date, so long as you have an active support agreement. However, you will not be able to receive defect support (new Patches and Hotfixes), critical security updates or enhancement requests after the End of Committed Support date.

iCognition recommends that if your organisation is on version 9.1 or 9.2, that you plan for an upgrade in 2020.

Content Manager Version Released End of Committed Support
Content Manager 9.0.x Jul 11, 2016 Sep 30, 2019
Content Manager 9.1.x Nov 29, 2016 Feb 28, 2020
Content Manager 9.2.x Nov 30, 2017 Dec 31, 2020
Content Manager 9.3.x Aug 01, 2018 Aug 31, 2021
Content Manager 9.4.x Aug 30, 2019 Sep 30, 2022

Content Manager Security Bulletin

Micro Focus has issued a security advisory for Content Manager (KM03489552 Micro Focus content manager, CVE-2019-11653). An access control bypass vulnerability has been identified in the Web Client component of Content Manager, affecting version 9.1 prior to 9.1.6.6, 9.2 prior to 9.2.3.2 and 9.3 prior to 9.3.2.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request. Existing mitigation information: To successfully exploit the vulnerability requires the attacker to have access to generally protected or inaccessible information, including having an active user account themselves, knowledge of internal identifiers of targeted user(s), and the name of files other users are actively operating against. In addition, the attacker has a limited time window to exploit the vulnerability during concurrent user activity, which can be further minimized by the system administrator via configuration.

Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Content Manager:

  • For 9.1.x, please upgrade to CONTENT_MANAGER_9.10_PATCH_6_HOTFIX_6 or newer
  • For 9.2.x, please upgrade to CONTENT_MANAGER_9.20_PATCH_3_HOTFIX_2 or newer
  • For 9.3.x, please upgrade to CONTENT_MANAGER_9.30_PATCH_2_HOTFIX_3 or newer

Please contact us if you need this patch applied to your system.