Vulnerability Details : CVE-2020-4325
The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shut down the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.
Products affected by CVE-2020-4325
- cpe:2.3:a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*
- IBM » Process Federation Server, versions from 18.0.0.1 (inclusive, >=) up to 19.0.0.3 (inclusive, <=): cpe:2.3:a:ibm:process_federation_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-4325
- 0.08%: probability of exploitation activity in the next 30 days
- ~31%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-4325
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | IBM Corporation | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2020-4325
- The product does not release or incorrectly releases a resource before it is made available for re-use. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-4325
- https://www.ibm.com/support/pages/node/6125403
  Security Bulletin: IBM Process Federation Server REST API is subject to DoS attacks (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/177596
  IBM Process Federation Server denial of service CVE-2020-4325 Vulnerability Report (VDB Entry; Vendor Advisory)