// For flags

CVE-2020-4325

 

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.

La API REST de Global Teams del IBM Process Federation Server versiones 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2 y 19.0.0.3, no cierra apropiadamente los grupos de subprocesos (hilos) que crea para recuperar la información de Global Teams desde los sistemas federados. Como consecuencia, la Java Virtual Machine no puede recuperar la memoria utilizada por esos grupos de subprocesos (hilos), lo que conlleva a una excepción OutOfMemory cuando la API REST de Global Teams del Process Federation Server es usado ampliamente. ID de IBM X-Force: 177596.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-12-30 CVE Reserved
  • 2020-04-02 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-404: Improper Resource Shutdown or Release
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ibm
Search vendor "Ibm"
Cloud Pak For Automation
Search vendor "Ibm" for product "Cloud Pak For Automation"
19.0.3
Search vendor "Ibm" for product "Cloud Pak For Automation" and version "19.0.3"
-
Affected
Ibm
Search vendor "Ibm"
Process Federation Server
Search vendor "Ibm" for product "Process Federation Server"
>= 18.0.0.1 <= 19.0.0.3
Search vendor "Ibm" for product "Process Federation Server" and version " >= 18.0.0.1 <= 19.0.0.3"
-
Affected