Lucene search

Openvpn Access Server Security Vulnerabilities - 2020

cve

CVE-2020-11462

An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2 interface. The...

7.5CVSS

7.6AI Score

0.001EPSS

2020-05-04 02:15 PM

cve

CVE-2020-15074

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.

7.5CVSS

8.1AI Score

0.001EPSS

2020-07-14 06:15 PM

cve

CVE-2020-8953

OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).

9.8CVSS

9.5AI Score

0.004EPSS

2020-02-13 04:15 AM