Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-4325

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.

Published

2020-04-02T15:15:17.843

Last Modified

2024-11-21T05:32:35.660

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-404

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	cloud_pak_for_automation	19.0.3	Yes
Application	ibm	process_federation_server	≤ 19.0.0.3	Yes

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/177596 VDB Entry, Vendor Advisory ([email protected])
https://www.ibm.com/support/pages/node/6125403 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/177596 VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/6125403 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)