Site icon API Security Blog

Security Bulletin: IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is affected by vulnerability in Apache Kafka (CVE-2023-25194)

## Summary

Apache Kafka is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library as part of the Kafka integration. The latest patch includes Apache Kafka 3.4.0 to fix the vulnerability. (CVE-2023-25194)

## Vulnerability Details

** CVEID: **[CVE-2023-25194]()
** DESCRIPTION: **Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when configuring the connector via the Kafka Connect REST API. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246698]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

## Affected Products and Versions

**Affected Product(s)**| **Version(s)**
—|—
IBM Tivoli Netcool/OMNIbus Integration – Transport Module Common Integration Library| common-transportmodule-18_0 up to and including common-transportmodule-36_0

## Remediation/Fixes

Updated Product(s)| Version(s)| Remediation/Fix/Instructions
—|—|—
IBM Tivoli Netcool/OMNIbus Integration – Transport Module Common Integration Library| common-transportmodule-37_0| Refer to [release notice]( “release notice” ) for the part number of the new package and instructions for the upgrade

## Workarounds and Mitigations

None

##Read More

Exit mobile version