CVE-2020-4325

MEDIUM

IBM Process Federation Server 18.0.0.1-19.0.0.3 - Denial of Service via Global Teams REST API Thread Pool Leak

Description

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shut down the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.

References (2)

Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6125403
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/177596

Scores

CVSS v3 6.5
EPSS 0.0146
EPSS Percentile 70.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE CWE-404
Status published
Products (2)
ibm/cloud_pak_for_automation 19.0.3
ibm/process_federation_server 18.0.0.1 - 19.0.0.3
Published Apr 02, 2020
Tracked Since Feb 18, 2026