API Security Blog

Security Bulletin: Google OAuth Client Library for Java as used by IBM QRadar SIEM is vulnerable to verification bypass (CVE-2021-22573)

## Summary

Google OAuth Client Library for Java as used by IBM QRadar SIEM is vulnerable to verification bypass. IBM QRadar SIEM has addressed the applicable vulnerability.

## Vulnerability Details

**CVEID:** CVE-2021-22573
**DESCRIPTION:** Google OAuth Client Library for Java could allow a remote attacker to bypass security restrictions, caused by improper verification of token signatures. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass verification on the client side.
CVSS Base score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/226003 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

## Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM QRadar SIEM | All GoogleCommon versions before 7.5.0-QRADAR-PROTOCOL-GoogleCommon-7.5-20230310180259.noarch.rpm
IBM QRadar SIEM | All GoogleCommon versions before 7.4.0-QRADAR-PROTOCOL-GoogleCommon-7.4-20230310180308.noarch.rpm

## Remediation/Fixes

**Product** | **Version** | **_Remediation/First Fix_**
---|---|---
IBM QRadar SIEM | 7.5.0 | 7.5.0-QRADAR-PROTOCOL-GoogleCommon-7.5-20230310180259.noarch.rpm
IBM QRadar SIEM | 7.4.0 | 7.4.0-QRADAR-PROTOCOL-GoogleCommon-7.4-20230310180308.noarch.rpm

## Workarounds and Mitigations

None
