CVE-2020-24683
Authentication Bypass in Symphony Plus
Public Exploits: 0
Exploited in Wild: -
Descriptions
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.
Timeline
- 2020-08-26 CVE Reserved
- 2020-12-22 CVE Published
- 2023-09-21 EPSS Updated
- 2024-09-17 CVE Updated
CWE
- CWE-305: Authentication Bypass by Primary Weakness
- CWE-602: Client-Side Enforcement of Server-Side Security
- CWE-669: Incorrect Resource Transfer Between Spheres
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Abb | Symphony + Historian | 3.0 | - | Affected
Abb | Symphony + Historian | 3.1 | - | Affected
Abb | Symphony + Operations | 1.1 | - | Affected
Abb | Symphony + Operations | 2.0 | - | Affected
Abb | Symphony + Operations | 2.1 | sp1 | Affected
Abb | Symphony + Operations | 2.1 | sp2 | Affected
Abb | Symphony + Operations | 3.0 | - | Affected
Abb | Symphony + Operations | 3.1 | - | Affected
Abb | Symphony + Operations | 3.2 | - | Affected
Abb | Symphony + Operations | 3.3 | - | Affected