github - ghsa-f726-9xgv-wf6h

ghsa-f726-9xgv-wf6h

Vulnerability from github

Published

2022-05-24 17:13

Modified

2022-05-24 17:13

Details

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-4325"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-02T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can\u0027t recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.",
  "id": "GHSA-f726-9xgv-wf6h",
  "modified": "2022-05-24T17:13:19Z",
  "published": "2022-05-24T17:13:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4325"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177596"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6125403"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2020-4325

Vulnerability from cvelistv5

Published

2020-04-02 14:20

Modified

2024-09-16 20:07

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Summary

References

▼	URL	Tags
	https://www.ibm.com/support/pages/node/6125403	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/177596	vdb-entry, x_refsource_XF

Impacted products

Vendor

Product

Version

▼

IBM

Process Federation Server

Version: 18.0.0.1
Version: 18.0.0.2
Version: 19.0.0.1
Version: 19.0.0.2
Version: 19.0.0.3

IBM

Automation Workstream Services in Cloud Pak for Automation

Version: 19.0.0.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:00:07.796Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6125403"
          },
          {
            "name": "ibm-icp4a-cve20204325-dos (177596)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177596"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Process Federation Server",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "18.0.0.1"
            },
            {
              "status": "affected",
              "version": "18.0.0.2"
            },
            {
              "status": "affected",
              "version": "19.0.0.1"
            },
            {
              "status": "affected",
              "version": "19.0.0.2"
            },
            {
              "status": "affected",
              "version": "19.0.0.3"
            }
          ]
        },
        {
          "product": "Automation Workstream Services in Cloud Pak for Automation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "19.0.0.3"
            }
          ]
        }
      ],
      "datePublic": "2020-04-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can\u0027t recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/C:N/S:U/A:H/PR:L/I:N/AV:N/AC:L/UI:N/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-02T14:20:21",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6125403"
        },
        {
          "name": "ibm-icp4a-cve20204325-dos (177596)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177596"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-04-01T00:00:00",
          "ID": "CVE-2020-4325",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Process Federation Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "18.0.0.1"
                          },
                          {
                            "version_value": "18.0.0.2"
                          },
                          {
                            "version_value": "19.0.0.1"
                          },
                          {
                            "version_value": "19.0.0.2"
                          },
                          {
                            "version_value": "19.0.0.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Automation Workstream Services in Cloud Pak for Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "19.0.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can\u0027t recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "N",
              "C": "N",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6125403",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6125403 (Automation Workstream Services in Cloud Pak for Automation)",
              "url": "https://www.ibm.com/support/pages/node/6125403"
            },
            {
              "name": "ibm-icp4a-cve20204325-dos (177596)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177596"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4325",
    "datePublished": "2020-04-02T14:20:22.033047Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T20:07:20.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted