The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Authentication Bypass in Symphony Plus | Authentication Bypass in Symphony Plus |
MITRE
Status: PUBLISHED
Assigner: ABB
Published: 2020-12-22T21:19:10.709309Z
Updated: 2024-09-17T01:36:41.524Z
Reserved: 2020-08-26T00:00:00
Link: CVE-2020-24683
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-12-22T22:15:13.757
Modified: 2024-11-21T05:15:46.077
Link: CVE-2020-24683
Redhat
No data.