OutOfMemory Handling Issue in IBM Process Federation Server
CVE-2020-4325
6.5 MEDIUM
Key Information:
- Vendor: IBM
- CVE Published: 2 April 2020
Summary
The Global Teams REST API of IBM Process Federation Server versions 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 experiences an issue where thread pools created for retrieving Global Teams information are not properly shut down. This oversight results in the inability of the Java Virtual Machine to reclaim memory used by these thread pools, leading to potential OutOfMemory exceptions during extensive use of the REST API.
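The leak pattern the summary describes, shown as an added Java example (not IBM's code; class and method names are hypothetical, and it assumes a pool is created per request): the leaky handler never shuts its pool down, while the corrected one does so in `finally`.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;

// Added illustration; all names are hypothetical, not the product's code.
public class PoolLeakDemo {
    // Stand-in for one team lookup done on behalf of a REST request.
    static String lookup(String team) { return "members-of-" + team; }
    // Runs one lookup per team on the given pool and counts the results.
    static int fetch(ExecutorService pool, List<String> teams) throws Exception {
        List<Future<String>> results = new ArrayList<>();
        for (String t : teams) {
            Callable<String> task = () -> lookup(t);
            results.add(pool.submit(task));
        }
        int n = 0;
        for (Future<String> f : results) if (f.get() != null) n++;
        return n;
    }
    // Leaky: a new pool per request, never shut down. Its idle workers stay
    // parked, and live threads are GC roots, so the pool is never reclaimed.
    static int handleLeaky(List<String> teams) throws Exception {
        return fetch(Executors.newFixedThreadPool(4), teams);
    }
    // Fixed: shut the pool down on every path so its workers can exit.
    static int handleFixed(List<String> teams) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(4);
        try {
            return fetch(pool, teams);
        } finally {
            pool.shutdown();
            pool.awaitTermination(5, TimeUnit.SECONDS);
        }
    }

    public static void main(String[] args) throws Exception {
        List<String> teams = List.of("a", "b", "c", "d"); // constructed input
        int base = Thread.activeCount();
        for (int i = 0; i < 50; i++) handleFixed(teams);
        System.out.println("fixed, extra threads: " + (Thread.activeCount() - base));
        for (int i = 0; i < 50; i++) handleLeaky(teams);
        System.out.println("leaky, extra threads: " + (Thread.activeCount() - base));
        System.exit(0); // leaked non-daemon workers would otherwise keep the JVM alive
    }
}
```

On a running server the same growth is visible as a steadily rising live thread count in a thread dump or JMX thread metrics while the API is in use.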
Affected Version(s)
Automation Workstream Services in Cloud Pak for Automation 19.0.0.3
Process Federation Server 18.0.0.1
Process Federation Server 18.0.0.2
CVSS V3.1
- Score: 6.5
- Severity: MEDIUM
- Confidentiality: None
- Integrity: None
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved