All the vulnerabilites related to ibm - process_federation_server
Vulnerability from fkie_nvd
Published
2020-04-02 15:15
Modified
2024-11-21 05:32
Severity ?
Summary
The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/177596 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6125403 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/177596 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6125403 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cloud_pak_for_automation | 19.0.3 | |
| ibm | process_federation_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBF76EB-4CFF-4652-81D5-8DDE886993F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:process_federation_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D34E3007-92F3-4AB4-9B6A-6D70F142434F",
"versionEndIncluding": "19.0.0.3",
"versionStartIncluding": "18.0.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can\u0027t recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596."
},
{
"lang": "es",
"value": "La API REST de Global Teams del IBM Process Federation Server versiones 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2 y 19.0.0.3, no cierra apropiadamente los grupos de subprocesos (hilos) que crea para recuperar la informaci\u00f3n de Global Teams desde los sistemas federados. Como consecuencia, la Java Virtual Machine no puede recuperar la memoria utilizada por esos grupos de subprocesos (hilos), lo que conlleva a una excepci\u00f3n OutOfMemory cuando la API REST de Global Teams del Process Federation Server es usado ampliamente. ID de IBM X-Force: 177596."
}
],
"id": "CVE-2020-4325",
"lastModified": "2024-11-21T05:32:35.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-02T15:15:17.843",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177596"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6125403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6125403"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-4325
Vulnerability from cvelistv5
Published
2020-04-02 14:20
Modified
2024-09-16 20:07
Severity ?
EPSS score ?
Summary
The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6125403 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/177596 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | IBM | Process Federation Server |
Version: 18.0.0.1 Version: 18.0.0.2 Version: 19.0.0.1 Version: 19.0.0.2 Version: 19.0.0.3 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6125403"
},
{
"name": "ibm-icp4a-cve20204325-dos (177596)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177596"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Process Federation Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "18.0.0.1"
},
{
"status": "affected",
"version": "18.0.0.2"
},
{
"status": "affected",
"version": "19.0.0.1"
},
{
"status": "affected",
"version": "19.0.0.2"
},
{
"status": "affected",
"version": "19.0.0.3"
}
]
},
{
"product": "Automation Workstream Services in Cloud Pak for Automation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "19.0.0.3"
}
]
}
],
"datePublic": "2020-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can\u0027t recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:N/S:U/A:H/PR:L/I:N/AV:N/AC:L/UI:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T14:20:21",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6125403"
},
{
"name": "ibm-icp4a-cve20204325-dos (177596)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177596"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-01T00:00:00",
"ID": "CVE-2020-4325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Process Federation Server",
"version": {
"version_data": [
{
"version_value": "18.0.0.1"
},
{
"version_value": "18.0.0.2"
},
{
"version_value": "19.0.0.1"
},
{
"version_value": "19.0.0.2"
},
{
"version_value": "19.0.0.3"
}
]
}
},
{
"product_name": "Automation Workstream Services in Cloud Pak for Automation",
"version": {
"version_data": [
{
"version_value": "19.0.0.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can\u0027t recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6125403",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6125403 (Automation Workstream Services in Cloud Pak for Automation)",
"url": "https://www.ibm.com/support/pages/node/6125403"
},
{
"name": "ibm-icp4a-cve20204325-dos (177596)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177596"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4325",
"datePublished": "2020-04-02T14:20:22.033047Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T20:07:20.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}