Security Bulletin: Vulnerability in Google OAuth Client Library affects watsonx.data
Discription

Summary Google OAuth Client Library for Java could allow a remote attacker to bypass security restrictions, caused by improper verification of token signatures. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass verification on the client side or to gain authorization to the protected resource in watsonx.data. Vulnerability Details ** CVEID: CVE-2021-22573 DESCRIPTION: **Google OAuth Client Library for Java could allow a remote attacker to bypass security restrictions, caused by improper verification of token signatures. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass verification on the client side. CVSS Base score: 6.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226003 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) ** CVEID: CVE-2020-7692 DESCRIPTION: **Google APIs google-oauth-java-client could allow a remote attacker to bypass security restrictions, caused by no PKCE support implemented. By executing a specially-crafted application, an attacker could exploit this vulnerability to obtain the authorization code, and gain authorization to the protected resource. CVSS Base score: 7.4 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184858 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) Affected Products and Versions Affected Product(s)|…Read More

Back to Main

Subscribe for the latest news: