71 matches found
CVE-2025-59785
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59784
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59786
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...
CVE-2025-59783
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges...
EUVD-2025-208279
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...
EUVD-2025-208280
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...
EUVD-2025-208278
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...
EUVD-2025-208277
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59787
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...
CVE-2025-59786
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...
CVE-2025-59786
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...
CVE-2025-59785
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59787
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...
CVE-2025-59784
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59783
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59783
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59787 HTTP 5XX Internal Server Errors
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...
CVE-2025-59787
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...
CVE-2025-59787
2N Access Commander, affected through version 3.4.2 and earlier, returns HTTP 500 on malformed or manipulated input, indicating improper input validation in the web-facing interface. The description notes potential security or availability impact but does not detail exploitable vectors beyond the...
CVE-2025-59786 Cookies are not Invalidated upon Logout and Password Change
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...