The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.
History

Tue, 17 Sep 2024 01:45:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Symphony Plus Authentication Bypass in Symphony Plus

cve-icon MITRE

Status: PUBLISHED

Assigner: ABB

Published: 2020-12-22T21:19:10.709309Z

Updated: 2024-09-17T01:36:41.524Z

Reserved: 2020-08-26T00:00:00

Link: CVE-2020-24683

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-12-22T22:15:13.757

Modified: 2024-11-21T05:15:46.077

Link: CVE-2020-24683

cve-icon Redhat

No data.