Summary There is a vulnerability in kafka-clients-2.8.2.jar used by IBM Maximo Asset Management application. Vulnerability Details ** CVEID: CVE-2023-25194 DESCRIPTION: **Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when configuring the connector via the Kafka Connect REST API. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system. CVSS Base score: 8.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246698 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Affected Products and Versions Product versions affected: Affected Product(s)| Version(s) —|— IBM Maximo Asset Management| 7.6.1.3 To determine the core product version, log in and view System Information. The core product version is the "Tivoli's process automation engine" version. Please consult the Platform Matrix for a list of supported product combinations. Remediation/Fixes The recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central and apply for each affected product as soon as possible. Please see below for information on the fixes available for each product, version, and release. Follow the installation instructions in the ‘readme’ documentation provided with each fix pack or interim fix. For Maximo Asset Management 7.6:…Read More