Lucene search
K
2nAccess Commander

8 matches found

CVE
CVE
added 2024/11/05 9:13 a.m.63 views

CVE-2024-47254

CVE-2024-47254 affects 2N Access Commander v3.1.1.2 and earlier. The advisory details two issues: (1) path traversal could allow arbitrary file writes and remote code execution; (2) insufficient verification of data authenticity could enable privilege escalation and root access. Impact includes p...

7.2CVSS7.5AI score0.00343EPSS
CVE
CVE
added 2024/11/05 9:16 a.m.57 views

CVE-2024-47255

2N Access Commander, versions 3.1.1.2 and earlier, contain multiple vulnerabilities. A path traversal flaw could allow an attacker to write files and achieve arbitrary remote code execution with root privileges. Separately, insufficient verification of data authenticity could enable local privile...

7.8CVSS7.5AI score0.00104EPSS
CVE
CVE
added 2024/11/05 9:8 a.m.51 views

CVE-2024-47253

CVE-2024-47253 affects 2N Access Commander versions 3.1.1.2 and earlier. A path traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution; exploitation is not possible for lower-privilege...

7.2CVSS7.4AI score0.00934EPSS
CVE
CVE
added 2026/03/04 3:19 p.m.17 views

CVE-2025-59783

CVE-2025-59783 affects the API endpoint for user synchronization in 2N Access Commander 3.4.1 . The root cause is insufficient input validation, enabling an OS command injection . Exploitation requires authentication with administrator privileges . The CVSS 4.0 base score is 8.8 (HIGH) with netwo...

8.8CVSS5.9AI score0.0086EPSS
CVE
CVE
added 2026/03/04 3:26 p.m.16 views

CVE-2025-59784

2N Access Commander versions prior to 3.4.2 are affected by a log pollution flaw: certain API parameters are written into logs without validation, exploitable only with administrator privileges. Affected product/version: 2N Access Commander

7.2CVSS5.9AI score0.00286EPSS
CVE
CVE
added 2026/03/04 3:30 p.m.13 views

CVE-2025-59785

CVE-2025-59785 affects 2N Access Commander, with affected versions prior to 3.4.3. The root cause is improper validation of an API endpoint in the product, which can allow bypassing the password policy used for backup file encryption. Exploitation requires administrator privileges (authenticated ...

7.2CVSS5.9AI score0.00189EPSS
CVE
CVE
added 2026/03/04 3:30 p.m.11 views

CVE-2025-59786

CVE-2025-59786 affects 2N Access Commander, with version 3.4.2 and earlier. The root cause is improper invalidation of session tokens, allowing multiple session cookies to remain active after logout in the web application. Impact described across multiple sources includes potential unauthorized a...

9.8CVSS5.9AI score0.00254EPSS
CVE
CVE
added 2026/03/04 3:31 p.m.11 views

CVE-2025-59787

2N Access Commander, affected through version 3.4.2 and earlier, returns HTTP 500 on malformed or manipulated input, indicating improper input validation in the web-facing interface. The description notes potential security or availability impact but does not detail exploitable vectors beyond the...

6.5CVSS5.9AI score0.00191EPSS