Ibm Process Federation Server vulnerabilities

2 known vulnerabilities affecting ibm/process_federation_server.

Total CVEs

2

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2025-36054MEDIUMCVSS 6.1v24.0.0v24.0.1+1 more2025-11-06

CVE-2025-36054 [MEDIUM] CWE-79 CVE-2025-36054: IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004 IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitr

CVE-2020-4325MEDIUMCVSS 6.5≥ 18.0.0.1, ≤ 19.0.0.3v18.0.0.1+4 more2020-04-02

CVE-2020-4325 [MEDIUM] CWE-404 CVE-2020-4325: The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfM