CVE-2020-4325 Information

Description

The IBM Process Federation Server 18.0.0.1 18.0.0.2 19.0.0.1 19.0.0.2 and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence the Java Virtual Machine can’t recover the memory used by those thread pools which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/177596 https://www.ibm.com/support/pages/node/6125403

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5