CVE-2020-4325 vulnerability in IBM Products
Published on April 2, 2020

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.

NVD

Products Associated with CVE-2020-4325

stack.watch emails you whenever new vulnerabilities are published in IBM Cloud Pak For Automation or IBM Process Federation Server. Just hit a watch button to start following.

IBM Cloud Pak For Automation

IBM Process Federation Server

Affected Versions

IBM Process Federation Server:

Version 18.0.0.1 is affected.
Version 18.0.0.2 is affected.
Version 19.0.0.1 is affected.
Version 19.0.0.2 is affected.
Version 19.0.0.3 is affected.

IBM Automation Workstream Services in Cloud Pak for Automation:

Version 19.0.0.3 is affected.

Exploit Probability

EPSS

0.38%

Percentile

58.77%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-4325 vulnerability in IBM ProductsPublished on April 2, 2020

Products Associated with CVE-2020-4325

Affected Versions

Exploit Probability

CVE-2020-4325 vulnerability in IBM Products
Published on April 2, 2020