## Summary
Vulnerability in Apache Kafka allow a remote authenticated attacker to execute arbitrary code may affect IBM Spectrum Control.
## Vulnerability Details
** CVEID: **[CVE-2023-25194]()
** DESCRIPTION: **Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when configuring the connector via the Kafka Connect REST API. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246698]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
## Affected Products and Versions
Affected Product(s)| Version(s)
—|—
IBM Spectrum Control| 5.4
## Remediation/Fixes
**Release**| **First Fixing**
**VRM Level**| **Link to Fix**
—|—|—
5.4| 5.4.10.1| ****
## Workarounds and Mitigations
None