Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass, caused by no PKCE support implemented.
CVEID:CVE-2020-7692
**DESCRIPTION:**Google APIs google-oauth-java-client could allow a remote attacker to bypass security restrictions, caused by no PKCE support implemented. By executing a specially-crafted application, an attacker could exploit this vulnerability to obtain the authorization code, and gain authorization to the protected resource.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184858 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
7.3
All GoogleCommon versions before 7.3.0-QRADAR-PROTOCOL-GoogleCommon-7.3-20210126200436
7.4
All GoogleCommon versions before 7.4.0-QRADAR-PROTOCOL-GoogleCommon-7.4-20210126200430
7.3
7.3.0-QRADAR-PROTOCOL-GoogleCommon-7.3-20210126200436
7.4
7.4.0-QRADAR-PROTOCOL-GoogleCommon-7.4-20210126200430
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security qradar siem | eq | 7.3 | |
ibm security qradar siem | eq | 7.4 |