IBM Process Federation Server Global Teams REST API does not properly shut down the thread pools that it creates, leading to OutOfMemory exceptions, and could be targeted by DoS attacks.
CVEID: CVE-2020-4325
**DESCRIPTION:** The IBM Process Federation Server Global Teams REST API does not properly shut down the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine cannot reclaim the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively.
CVSS Base score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/177596 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Automation Workstream Services in Cloud Pak for Automation | 19.0.3 |
IBM Process Federation Server | 18.0.0.1 to 19.0.0.3 included |
Fixed Product(s) | Version(s) |
---|---|
IBM Automation Workstream Services in Cloud Pak for Automation | 20.0.1 |
IBM Process Federation Server | 20.0.1 |
iFixes for APAR JR62105 can also be installed on IBM Process Federation Server versions 18.0.0.1 to 19.0.0.3 (inclusive) to fix the vulnerability.
None
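The defect class named in the description, a thread pool created per request and never shut down, is shown here beside a corrected form. This is an added illustration in Java, not IBM's code; the class, the method names and the sample system names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.*;

// Added illustration, not IBM code. All names are hypothetical.
public class ThreadPoolLeakDemo {
    // Stand-in for querying one federated system for team data.
    static String fetchTeams(String system) { return "teams@" + system; }

    // Leaky pattern: a new pool per request that is never shut down.
    // Its idle non-daemon worker threads stay alive, so the pool and the
    // memory behind each thread stack can never be garbage collected.
    static List<String> handleRequestLeaky(List<String> systems) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(systems.size());
        return collect(pool, systems);
    }

    // Corrected pattern: the pool is always shut down, even on failure.
    // (Reusing one bounded, application-wide pool is the other common fix.)
    static List<String> handleRequestFixed(List<String> systems) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(systems.size());
        try {
            return collect(pool, systems);
        } finally {
            pool.shutdown();
            pool.awaitTermination(5, TimeUnit.SECONDS);
        }
    }

    static List<String> collect(ExecutorService pool, List<String> systems) throws Exception {
        List<Future<String>> futures = new ArrayList<>();
        for (String s : systems) futures.add(pool.submit(() -> fetchTeams(s)));
        List<String> out = new ArrayList<>();
        for (Future<String> f : futures) out.add(f.get());
        return out;
    }

    public static void main(String[] args) throws Exception {
        List<String> systems = List.of("bpm-a", "bpm-b", "bpm-c"); // constructed sample
        int base = Thread.activeCount();
        for (int i = 0; i < 100; i++) handleRequestFixed(systems);
        System.out.println("fixed: extra live threads = " + (Thread.activeCount() - base));
        for (int i = 0; i < 100; i++) handleRequestLeaky(systems);
        System.out.println("leaky: extra live threads = " + (Thread.activeCount() - base));
        System.exit(0); // leaked non-daemon workers would otherwise keep the JVM alive
    }
}
```

On a running server, a steadily rising live thread count in a thread dump or in JVM thread metrics, with many idle `pool-N-thread-M` workers, is the observable sign of this pattern before the OutOfMemory exception occurs.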