High Severity

Security Bulletin: Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass (CVE-2020-7692)

Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass because it does not implement PKCE (Proof Key for Code Exchange) support.

Affected product(s) and affected version(s):

7.3

All GoogleCommon versions before 7.3.0-QRADAR-PROTOCOL-GoogleCommon-7.3-20210126200436

7.4

All GoogleCommon versions before 7.4.0-QRADAR-PROTOCOL-GoogleCommon-7.4-20210126200430

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6417571
