Skip to main content

Symphony Operations

9 CVEs product

Monthly

CVE-2020-24683 CRITICAL Act Now

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Symphony Historian Symphony Operations
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-24680 HIGH This Week

In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Authentication Bypass Symphony Historian Symphony Operations
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-24679 CRITICAL Act Now

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Symphony Historian Symphony Operations
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-24678 HIGH This Week

An authenticated user might execute malicious code under the user context and take control of the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Symphony Historian Symphony Operations
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-24677 HIGH This Week

Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Symphony Historian Symphony Operations
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-24676 HIGH This Week

In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Symphony Historian Symphony Operations
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-24675 CRITICAL Act Now

In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Symphony Historian Symphony Operations
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-24674 HIGH This Week

In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Symphony Historian Symphony Operations
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-24673 CRITICAL Act Now

In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Information Disclosure Symphony Historian Symphony Operations
NVD
CVSS 3.1
9.8
EPSS
1.1%
EPSS 1% CVSS 9.8
CRITICAL Act Now

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Symphony Historian Symphony Operations
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Authentication Bypass Symphony Historian +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Symphony Historian Symphony Operations
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An authenticated user might execute malicious code under the user context and take control of the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Symphony Historian Symphony Operations
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Symphony Historian +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Symphony Historian +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Symphony Historian Symphony Operations
NVD
EPSS 3% CVSS 8.8
HIGH This Week

In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Symphony Historian +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Information Disclosure Symphony Historian +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy