17 matches found
OESA-2025-2434 google-oauth-java-client security update
Written by Google, the Google OAuth Client Library for Java is a powerful and easy-to-use Java library for the OAuth 1.0a and OAuth 2.0 authorization standards. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. It is built o...
OESA-2025-2430 google-oauth-java-client security update
Written by Google, the Google OAuth Client Library for Java is a powerful and easy-to-use Java library for the OAuth 1.0a and OAuth 2.0 authorization standards. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. It is built o...
Linux Distros Unpatched Vulnerability : CVE-2021-22573
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from...
openSUSE Security Advisory (SUSE-SU-2024:0806-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Vulnerability in Google OAuth Client Library affects watsonx.data
Summary Google OAuth Client Library for Java could allow a remote attacker to bypass security restrictions, caused by improper verification of token signatures. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass verification on the client side or to gai...
openSUSE 15: google-oauth-java-client / google-oauth-java-client-java6 / etc (SUSE-SU-2024:0806-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:0806-1 advisory. - CVE-2021-22573: Fixed token signature not verified bsc1199188. Tenable has extracted the preceding description block directly from the SUSE security...
Security Bulletin: Google OAuth Client Library for Java as used by IBM QRadar SIEM is vulnerable to verification bypass (CVE-2021-22573)
Summary Google OAuth Client Library for Java as used by IBM QRadar SIEM is vulnerable to verification bypass. IBM QRadar SIEM has addressed the applicable vulnerability. Vulnerability Details CVEID:CVE-2021-22573 DESCRIPTION: Google OAuth Client Library for Java could allow a remote attacker to...
Important: Red Hat Security Advisory: Red Hat Camel for Spring Boot 3.14.5 release and security update
A minor version update from 3.14.2 to 3.14.5 is now available for Camel for Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
Security Bulletin: A security vulnerability has been identified in Google OAuth Client shipped with IBM Tivoli Netcool Impact (CVE-2021-22573)
Summary Google OAuth Client is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Google OAuth Client has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-22573 DESCRIPTION: Google OAuth Client Library for Java could allow a...
Important: Red Hat Security Advisory: Red Hat Fuse Online 7.10.2.P1 security update
A patch update from 7.10.1 to 7.10.2.P1 is now available for Red Hat Fuse Online. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
Important: Red Hat Security Advisory: Red Hat Fuse 7.10.2.P1 security update
A patch update from 7.10.2 to 7.10.2.P1 is now available for Red Hat on OpenShift for EAP, Karaf, and Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of...
High-Severity Bug Reported in Google's OAuth Client Library for Java
Google last month addressed a high-severity flaw in its OAuth client library for Java that could be abused by a malicious actor with a compromised token to deploy arbitrary payloads. Tracked as CVE-2021-22573, the vulnerability is rated 8.7 out of 10 for severity and relates to an authentication...
CVE-2021-22573
creationtimestamp| type| source ---|---|--- 2022-05-03 20:34:05+00:00| seen| https://t.me/cibsecurity/41833 2022-05-21 06:12:07+00:00| seen| https://t.me/cKure/9574 2024-04-12 08:45:22+00:00| seen| https://t.me/arpsyndicate/4568 2025-04-21 14:02:18+00:00| published-proof-of-concept|...
CVE-2021-22573
The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...
CVE-2021-22573
The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...
CVE-2021-22573 Incorrect signature verification on Google-oauth-java-client
The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...
CVE-2021-22573
CVE-2021-22573 involves Google OAuth Client Library for Java where IdTokenVerifier may bypass verification because the signature is not checked before claims verification. The vulnerability allows an attacker to present a compromised IdToken with a modified payload that could pass client-side val...