Metric | Score | Severity | Vector |
---|---|---|---|
CVSS2 | 3.5 | Low | AV:N/AC:M/Au:S/C:N/I:P/A:N |
CVSS3 | 8.7 | High | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |

EPSS: 0.001 (Low), percentile 23.8%

Google OAuth Client Library for Java as used by IBM QRadar SIEM is vulnerable to verification bypass. IBM QRadar SIEM has addressed the applicable vulnerability.

**CVEID:** CVE-2021-22573

**DESCRIPTION:** Google OAuth Client Library for Java could allow a remote attacker to bypass security restrictions, caused by improper verification of token signatures. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass verification on the client side.

CVSS Base score: 6.5

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/226003 for the current score.

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Product(s) | Version(s) |
---|---|
IBM QRadar SIEM | All GoogleCommon versions before 7.5.0-QRADAR-PROTOCOL-GoogleCommon-7.5-20230310180259.noarch.rpm |
IBM QRadar SIEM | All GoogleCommon versions before 7.4.0-QRADAR-PROTOCOL-GoogleCommon-7.4-20230310180308.noarch.rpm |

Product | Version | Remediation/First Fix |
---|---|---|
IBM QRadar SIEM | 7.5.0 | 7.5.0-QRADAR-PROTOCOL-GoogleCommon-7.5-20230310180259.noarch.rpm |
IBM QRadar SIEM | 7.4.0 | 7.4.0-QRADAR-PROTOCOL-GoogleCommon-7.4-20230310180308.noarch.rpm |

None

CPE | Name | Operator | Version |
---|---|---|---|
 | ibm security qradar siem | eq | 7.5 |
 | ibm security qradar siem | eq | 7.5 |