Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to a code execution vulnerability in Apache Kafka (CVE-2023-25194)
Discription

## Summary

A code execution vulnerability in Apache Kafka used byIBM InfoSphere Information Server was addressed.

## Vulnerability Details

** CVEID: **[CVE-2023-25194]()
** DESCRIPTION: **Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when configuring the connector via the Kafka Connect REST API. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246698]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

## Affected Products and Versions

Affected Product(s)| Version(s)
—|—
InfoSphere Information Server| 11.7

## Remediation/Fixes

**Product**| **VRMF**| **APAR**| **Remediation**
—|—|—|—
InfoSphere Information Server, InfoSphere Information Server on Cloud| 11.7| [DT198283]( “DT198283” )| –Apply IBM InfoSphere Information Server version [11.7.1.0]()
–Apply InfoSphere Information Server version [11.7.1.4]( “” )
–Apply InfoSphere Information Server [11.7.1.4 Service pack 1]( “11.7.1.4 Service pack 1” )

## Workarounds and Mitigations

None

##Read More

Back to Main

Subscribe for the latest news: