Symphony Security Vulnerabilities

CVE-2024-0335

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from...

CVE-2024-23049

An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j...

CVE-2023-24975

IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID:....

CVE-2023-0228

Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3...

CVE-2020-25912

A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service...

CVE-2020-24678

An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high...

CVE-2020-24675

In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled...

CVE-2020-24674

In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the...

CVE-2020-24677

Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted...

CVE-2020-24673

In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file.....

CVE-2020-24679

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is...

CVE-2020-24683

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection....

CVE-2020-24676

In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs...

CVE-2020-24680

In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a...

CVE-2020-25343

Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields['body'] param via...

CVE-2020-17405

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper...

CVE-2020-15071

content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to...

CVE-2020-8479

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...

CVE-2020-8471

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...

CVE-2020-8475

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...

CVE-2020-8476

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...

CVE-2020-8481

For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody...

CVE-2019-17488

b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent...

CVE-2018-16249

In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script or HTML can be inserted by an admin-authenticated...

CVE-2019-9142

An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to...

CVE-2018-1708

IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID:...

CVE-2018-1706

IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

CVE-2018-1702

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM...

CVE-2018-1704

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to...

CVE-2018-1705

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. IBM X-Force ID:...

CVE-2018-1595

IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID:...

CVE-2018-12043

content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content...

CVE-2018-10469

b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload...

CVE-2017-16956

b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified...

CVE-2017-16881

b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java,...

CVE-2017-16821

b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in...

CVE-2017-8876

Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to...

CVE-2017-7694

Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event...

CVE-2017-6067

Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form...

CVE-2017-5541

Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder...

CVE-2017-5542

Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder...

CVE-2016-4309

Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID...

CVE-2015-8766

Multiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) email_sendmail[from_name], (2) email_sendmail[from_address], (3) email_smtp[from_name], (4)...

CVE-2015-8376

Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Navigation Group, or (3) Label parameter to...

CVE-2015-4661

Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the sort parameter to...

CVE-2013-2559

SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL...

CVE-2013-7346

Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to...

CVE-2010-3457

Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient]...

CVE-2010-3458

SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party...

CVE-2010-2143

Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the mode...