5 matches found
CVE-2025-59783
CVE-2025-59783 affects the API endpoint for user synchronization in 2N Access Commander 3.4.1 . The root cause is insufficient input validation, enabling an OS command injection . Exploitation requires authentication with administrator privileges . The CVSS 4.0 base score is 8.8 (HIGH) with netwo...
CVE-2025-59784
2N Access Commander versions prior to 3.4.2 are affected by a log pollution flaw: certain API parameters are written into logs without validation, exploitable only with administrator privileges. Affected product/version: 2N Access Commander
CVE-2025-59785
CVE-2025-59785 affects 2N Access Commander, with affected versions prior to 3.4.3. The root cause is improper validation of an API endpoint in the product, which can allow bypassing the password policy used for backup file encryption. Exploitation requires administrator privileges (authenticated ...
CVE-2025-59786
CVE-2025-59786 affects 2N Access Commander, with version 3.4.2 and earlier. The root cause is improper invalidation of session tokens, allowing multiple session cookies to remain active after logout in the web application. Impact described across multiple sources includes potential unauthorized a...
CVE-2025-59787
2N Access Commander, affected through version 3.4.2 and earlier, returns HTTP 500 on malformed or manipulated input, indicating improper input validation in the web-facing interface. The description notes potential security or availability impact but does not detail exploitable vectors beyond the...