1. Home
  2. CVE Database
  3. CVE-2020-4325
MEDIUM · 6.5

CVE-2020-4325

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams inform...

Vulnerability Description

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
IbmCloud Pak For Automation19.0.3
IbmProcess Federation Server>= 18.0.0.1, <= 19.0.0.3

Related Weaknesses (CWE)

CWE-404

References

FAQ

What is CVE-2020-4325?

CVE-2020-4325 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams inform...

How severe is CVE-2020-4325?

CVE-2020-4325 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-4325?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Cloud Pak For Automation, Ibm Process Federation Server.