How severe is CVE-2020-24683?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2020-24683?

This is classified as CWE-305, which is a common weakness in software security.

CVE-2020-24683 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.

Related Vulnerabilities

CVE-2020-15787

CRITICAL

CVSS:9.8(Critical)

A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be trunca...

CWE-3052020

CVE-2021-21403

CRITICAL

CVSS:9.8(Critical)

In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21.

CWE-3052021

CVE-2021-28503

CRITICAL

CVSS:9.8(Critical)

The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via...

CWE-3052021

CVE-2021-45031

CRITICAL

CVSS:9.8(Critical)

A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords.

CWE-3052021

CVE-2022-0547

CRITICAL

CVSS:9.8(Critical)

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an exter...

CWE-3052022

CVE-2022-2651

CRITICAL

CVSS:9.8(Critical)

Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.

CWE-3052022