CVE-2020-4325

Name of the Vulnerable Software and Affected Versions IBM Process Federation Server versions 18.0.0.1 through 19.0.0.3

Description The issue arises from the improper shutdown of thread pools created by the Global Teams REST API to retrieve information from federated systems. This leads to a memory leak, as the Java Virtual Machine cannot recover the memory used by these thread pools, resulting in an OutOfMemory exception when the API is extensively used.

Recommendations For versions 18.0.0.1 through 19.0.0.3, consider restricting the use of the Global Teams REST API to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider implementing measures to monitor and manage memory usage to prevent OutOfMemory exceptions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.