Summary There is a vulnerability in kafka-clients-2.8.2.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details ** CVEID: CVE-2023-25194 DESCRIPTION: **Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when configuring the connector via the Kafka Connect REST API. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system. CVSS Base score: 8.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246698 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Affected Products and Versions Affected Product(s)| Version(s) —|— IBM Maximo Application Suite – Manage Component| MAS 8.10.0 – Manage 8.6.0 IBM Maximo Application Suite – Manage Component| MAS 8.11.0 – Manage 8.7.0 Remediation/Fixes For IBM Maximo Manage application in IBM Maximo Application Suite: MAS| Manage Patch Fix or Release —|— Upgrade to MAS 8.10.9| Upgrade to Manage 8.6.9 or latest (available from the Catalog under Update Available) Upgrade to MAS 8.11.6| Upgrade to Manage 8.7.4 or latest (available from the Catalog under Update Available) Workarounds and Mitigations…Read More