8 matches found
CVE-2024-47254
CVE-2024-47254 affects 2N Access Commander v3.1.1.2 and earlier. The advisory details two issues: (1) path traversal could allow arbitrary file writes and remote code execution; (2) insufficient verification of data authenticity could enable privilege escalation and root access. Impact includes p...
CVE-2024-47255
2N Access Commander, versions 3.1.1.2 and earlier, contain multiple vulnerabilities. A path traversal flaw could allow an attacker to write files and achieve arbitrary remote code execution with root privileges. Separately, insufficient verification of data authenticity could enable local privile...
CVE-2024-47253
CVE-2024-47253 affects 2N Access Commander versions 3.1.1.2 and earlier. A path traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution; exploitation is not possible for lower-privilege...
CVE-2025-59783
CVE-2025-59783 affects the API endpoint for user synchronization in 2N Access Commander 3.4.1 . The root cause is insufficient input validation, enabling an OS command injection . Exploitation requires authentication with administrator privileges . The CVSS 4.0 base score is 8.8 (HIGH) with netwo...
CVE-2025-59784
2N Access Commander versions prior to 3.4.2 are affected by a log pollution flaw: certain API parameters are written into logs without validation, exploitable only with administrator privileges. Affected product/version: 2N Access Commander
CVE-2025-59785
CVE-2025-59785 affects 2N Access Commander, with affected versions prior to 3.4.3. The root cause is improper validation of an API endpoint in the product, which can allow bypassing the password policy used for backup file encryption. Exploitation requires administrator privileges (authenticated ...
CVE-2025-59786
CVE-2025-59786 affects 2N Access Commander, with version 3.4.2 and earlier. The root cause is improper invalidation of session tokens, allowing multiple session cookies to remain active after logout in the web application. Impact described across multiple sources includes potential unauthorized a...
CVE-2025-59787
2N Access Commander, affected through version 3.4.2 and earlier, returns HTTP 500 on malformed or manipulated input, indicating improper input validation in the web-facing interface. The description notes potential security or availability impact but does not detail exploitable vectors beyond the...