2n Access_commander
8 CVEs affecting 2n Access_commander. Latest disclosed: 2026-03-04. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-59786 | Critical | 9.8 | 2026-03-04 | 2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web appli… |
CVE-2025-59785 | High | 7.2 | 2026-03-04 | Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This… |
CVE-2025-59784 | High | 7.2 | 2026-03-04 | 2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validati… |
CVE-2025-59783 | High | 7.2 | 2026-03-04 | API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This… |
CVE-2024-47253 | High | 7.2 | 2024-11-05 | In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the… |
CVE-2025-59787 | Medium | 6.5 | 2026-03-04 | 2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indi… |
CVE-2024-47254 | Medium | 6.3 | 2024-11-05 | In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their… |
CVE-2024-47255 | Medium | 4.7 | 2024-11-05 | In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary code execution… |