High Severity

Security Bulletin: Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass (CVE-2020-7692)

Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass because it does not implement PKCE support.

Affected product(s) and affected version(s):

7.3

All GoogleCommon versions before 7.3.0-QRADAR-PROTOCOL-GoogleCommon-7.3-20210126200436

7.4

All GoogleCommon versions before 7.4.0-QRADAR-PROTOCOL-GoogleCommon-7.4-20210126200430

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6417571
