Lucene search
+L

17 matches found

osv
osv
added 2025/10/17 2:54 p.m.6 views

OESA-2025-2434 google-oauth-java-client security update

Written by Google, the Google OAuth Client Library for Java is a powerful and easy-to-use Java library for the OAuth 1.0a and OAuth 2.0 authorization standards. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. It is built o...

8.7CVSS6.9AI score0.00287EPSS
Exploits0References2
osv
osv
added 2025/10/17 2:54 p.m.6 views

OESA-2025-2430 google-oauth-java-client security update

Written by Google, the Google OAuth Client Library for Java is a powerful and easy-to-use Java library for the OAuth 1.0a and OAuth 2.0 authorization standards. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. It is built o...

8.7CVSS6.9AI score0.00287EPSS
Exploits0References2
nessus
nessus
added 2025/03/04 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2021-22573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from...

8.7CVSS7.1AI score0.00287EPSS
Exploits0References3
openvas
openvas
added 2025/02/25 12:0 a.m.10 views

openSUSE Security Advisory (SUSE-SU-2024:0806-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7CVSS8AI score0.00287EPSS
Exploits0References4
ibm
ibm
added 2024/09/05 6:7 p.m.43 views

Security Bulletin: Vulnerability in Google OAuth Client Library affects watsonx.data

Summary Google OAuth Client Library for Java could allow a remote attacker to bypass security restrictions, caused by improper verification of token signatures. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass verification on the client side or to gai...

9.1CVSS8.1AI score0.01587EPSS
Exploits1Affected Software1
nessus
nessus
added 2024/03/08 12:0 a.m.37 views

openSUSE 15: google-oauth-java-client / google-oauth-java-client-java6 / etc (SUSE-SU-2024:0806-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:0806-1 advisory. - CVE-2021-22573: Fixed token signature not verified bsc1199188. Tenable has extracted the preceding description block directly from the SUSE security...

8.7CVSS7.2AI score0.00287EPSS
Exploits0References4
ibm
ibm
added 2023/06/29 3:5 p.m.44 views

Security Bulletin: Google OAuth Client Library for Java as used by IBM QRadar SIEM is vulnerable to verification bypass (CVE-2021-22573)

Summary Google OAuth Client Library for Java as used by IBM QRadar SIEM is vulnerable to verification bypass. IBM QRadar SIEM has addressed the applicable vulnerability. Vulnerability Details CVEID:CVE-2021-22573 DESCRIPTION: Google OAuth Client Library for Java could allow a remote attacker to...

8.7CVSS7.6AI score0.00287EPSS
Exploits0Affected Software1
redhat
redhat
added 2022/10/25 1:42 p.m.61 views

Important: Red Hat Security Advisory: Red Hat Camel for Spring Boot 3.14.5 release and security update

A minor version update from 3.14.2 to 3.14.5 is now available for Camel for Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

8.7CVSS7.1AI score0.00287EPSS
Exploits0References3
ibm
ibm
added 2022/07/06 4:33 a.m.42 views

Security Bulletin: A security vulnerability has been identified in Google OAuth Client shipped with IBM Tivoli Netcool Impact (CVE-2021-22573)

Summary Google OAuth Client is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Google OAuth Client has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-22573 DESCRIPTION: Google OAuth Client Library for Java could allow a...

8.7CVSS0.5AI score0.00287EPSS
Exploits0Affected Software1
redhat
redhat
added 2022/06/14 2:46 p.m.50 views

Important: Red Hat Security Advisory: Red Hat Fuse Online 7.10.2.P1 security update

A patch update from 7.10.1 to 7.10.2.P1 is now available for Red Hat Fuse Online. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

9.3CVSS7.2AI score0.01799EPSS
Exploits1References3
redhat
redhat
added 2022/06/07 1:52 p.m.49 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.10.2.P1 security update

A patch update from 7.10.2 to 7.10.2.P1 is now available for Red Hat on OpenShift for EAP, Karaf, and Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of...

8.7CVSS7.1AI score0.00287EPSS
Exploits0References3
thn
thn
added 2022/05/19 10:5 a.m.62 views

High-Severity Bug Reported in Google's OAuth Client Library for Java

Google last month addressed a high-severity flaw in its OAuth client library for Java that could be abused by a malicious actor with a compromised token to deploy arbitrary payloads. Tracked as CVE-2021-22573, the vulnerability is rated 8.7 out of 10 for severity and relates to an authentication...

8.7CVSS0.5AI score0.00287EPSS
Exploits0
circl
circl
added 2022/05/03 8:34 p.m.6 views

CVE-2021-22573

creationtimestamp| type| source ---|---|--- 2022-05-03 20:34:05+00:00| seen| https://t.me/cibsecurity/41833 2022-05-21 06:12:07+00:00| seen| https://t.me/cKure/9574 2024-04-12 08:45:22+00:00| seen| https://t.me/arpsyndicate/4568 2025-04-21 14:02:18+00:00| published-proof-of-concept|...

8.7CVSS7.2AI score0.00287EPSS
Exploits0References4
nvd
nvd
added 2022/05/03 4:15 p.m.26 views

CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...

8.7CVSS0.00287EPSS
Exploits0References1
debiancve
debiancve
added 2022/05/03 3:45 p.m.45 views

CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...

8.7CVSS7.8AI score0.00287EPSS
Exploits0
cvelist
cvelist
added 2022/05/03 3:45 p.m.59 views

CVE-2021-22573 Incorrect signature verification on Google-oauth-java-client

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...

8.7CVSS8.7AI score0.00287EPSS
Exploits0References1
cve
cve
added 2022/05/03 3:45 p.m.2064 views

CVE-2021-22573

CVE-2021-22573 involves Google OAuth Client Library for Java where IdTokenVerifier may bypass verification because the signature is not checked before claims verification. The vulnerability allows an attacker to present a compromised IdToken with a modified payload that could pass client-side val...

8.7CVSS7.1AI score0.00287EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder