Access Commander
Monthly
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts. [CVSS 6.5 MEDIUM]
Insufficient session invalidation in 2N Access Commander 3.4.2. Multiple sessions remain valid after logout.
Access Commander contains a vulnerability that allows attackers to bypass password policy for backup file encryption (CVSS 7.2).
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. [CVSS 7.2 HIGH]
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges. [CVSS 7.2 HIGH]
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts. [CVSS 6.5 MEDIUM]
Insufficient session invalidation in 2N Access Commander 3.4.2. Multiple sessions remain valid after logout.
Access Commander contains a vulnerability that allows attackers to bypass password policy for backup file encryption (CVSS 7.2).
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. [CVSS 7.2 HIGH]
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges. [CVSS 7.2 HIGH]