Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
16 vulnerabilities found for access_commander by 2n
CVE-2025-59787 (GCVE-0-2025-59787)
Vulnerability from nvd – Published: 2026-03-04 15:31 – Updated: 2026-03-05 19:01
VLAI
Title
HTTP 5XX Internal Server Errors
Summary
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-703 - – Improper Check or Handling of Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.2n.com/en-GB/download/cve_2025_59787_… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 2N Telekomunikace a.s. | 2N Access Commander |
Affected:
0 , < 3.5
(Release)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T19:00:54.958469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T19:01:31.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "2N Access Commander",
"vendor": "2N Telekomunikace a.s.",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "0",
"versionType": "Release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.\u003cp\u003e\u003c/p\u003e"
}
],
"value": "2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 \u2013 Command/Argument Injection via Malformed Input"
}
]
},
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 \u2013 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 \u2013 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T15:31:59.211Z",
"orgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"shortName": "2N"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.2n.com/en-GB/download/cve_2025_59787_acom_3_5_v1pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTTP 5XX Internal Server Errors",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"assignerShortName": "2N",
"cveId": "CVE-2025-59787",
"datePublished": "2026-03-04T15:31:59.211Z",
"dateReserved": "2025-09-19T17:22:49.648Z",
"dateUpdated": "2026-03-05T19:01:31.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59786 (GCVE-0-2025-59786)
Vulnerability from nvd – Published: 2026-03-04 15:30 – Updated: 2026-03-04 16:03
VLAI
Title
Cookies are not Invalidated upon Logout and Password Change
Summary
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.2n.com/en-GB/download/cve_2025_59786_… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 2N Telekomunikace a.s. | 2N Access Commander |
Affected:
0 , < 3.5
(Release)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T16:00:12.782453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T16:03:17.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "2N Access Commander",
"vendor": "2N Telekomunikace a.s.",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "0",
"versionType": "Release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.\u003cbr\u003e\n\n\n\n\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application."
}
],
"impacts": [
{
"capecId": "CAPEC-31",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-31 \u2013 Accessing/Intercepting/Modifying HTTP Cookies"
}
]
},
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T15:30:35.148Z",
"orgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"shortName": "2N"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.2n.com/en-GB/download/cve_2025_59786_acom_3_5_v1pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cookies are not Invalidated upon Logout and Password Change",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"assignerShortName": "2N",
"cveId": "CVE-2025-59786",
"datePublished": "2026-03-04T15:30:35.148Z",
"dateReserved": "2025-09-19T17:22:49.648Z",
"dateUpdated": "2026-03-04T16:03:17.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59785 (GCVE-0-2025-59785)
Vulnerability from nvd – Published: 2026-03-04 15:30 – Updated: 2026-03-04 16:17
VLAI
Title
API - Insufficient Input Validation
Summary
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption.
This vulnerability can only be exploited after authenticating with administrator privileges.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1286 - – Improper Validation of Syntactic Correctness
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.2n.com/en-GB/download/cve_2025_59785_… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 2N Telekomunikace a.s. | 2N Access Commander |
Affected:
0 , < 3.5
(Release)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T16:17:02.568081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T16:17:08.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "2N Access Commander",
"vendor": "2N Telekomunikace a.s.",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "0",
"versionType": "Release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption.\u003cbr\u003eThis vulnerability can only be exploited after authenticating with administrator privileges.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption.\nThis vulnerability can only be exploited after authenticating with administrator privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 \u2014 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 \u2013 Improper Validation of Syntactic Correctness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T15:30:31.230Z",
"orgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"shortName": "2N"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.2n.com/en-GB/download/cve_2025_59785_acom_3_5_v1pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "API - Insufficient Input Validation",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"assignerShortName": "2N",
"cveId": "CVE-2025-59785",
"datePublished": "2026-03-04T15:30:31.230Z",
"dateReserved": "2025-09-19T17:22:49.648Z",
"dateUpdated": "2026-03-04T16:17:08.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59784 (GCVE-0-2025-59784)
Vulnerability from nvd – Published: 2026-03-04 15:26 – Updated: 2026-03-04 16:16
VLAI
Title
Log Pollution - Control Characters Not Escaped
Summary
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation.
This vulnerability can only be exploited after authenticating with administrator privileges.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.2n.com/en-GB/download/cve_2025_59784_… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 2N Telekomunikace a.s. | 2N Access Commander |
Affected:
0 , < 3.4.2
(Release)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59784",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T16:16:38.878662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T16:16:44.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "2N Access Commander",
"vendor": "2N Telekomunikace a.s.",
"versions": [
{
"lessThan": "3.4.2",
"status": "affected",
"version": "0",
"versionType": "Release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation.\u003cbr\u003eThis vulnerability can only be exploited after authenticating with administrator privileges.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation.\nThis vulnerability can only be exploited after authenticating with administrator privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-93",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-93 Log Injection-Tampering-Forging"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117: Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T15:59:59.350Z",
"orgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"shortName": "2N"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.2n.com/en-GB/download/cve_2025_59784_acom_3_5_v1pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Log Pollution - Control Characters Not Escaped",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"assignerShortName": "2N",
"cveId": "CVE-2025-59784",
"datePublished": "2026-03-04T15:26:47.073Z",
"dateReserved": "2025-09-19T17:22:49.648Z",
"dateUpdated": "2026-03-04T16:16:44.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59783 (GCVE-0-2025-59783)
Vulnerability from nvd – Published: 2026-03-04 15:19 – Updated: 2026-03-04 16:15
VLAI
Title
OS Command Injection over API
Summary
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection.
This vulnerability can only be exploited after authenticating with administrator privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.2n.com/en-GB/download/cve_2025_59783_… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 2N Telekomunikace a.s. | 2N Access Commander |
Affected:
0 , < 3.4.2
(public release)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59783",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T16:14:33.825152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T16:15:00.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"API"
],
"platforms": [
"Linux"
],
"product": "2N Access Commander",
"vendor": "2N Telekomunikace a.s.",
"versions": [
{
"lessThan": "3.4.2",
"status": "affected",
"version": "0",
"versionType": "public release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. \u003cbr\u003eThis vulnerability can only be exploited after authenticating with administrator privileges."
}
],
"value": "API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. \nThis vulnerability can only be exploited after authenticating with administrator privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T15:26:33.357Z",
"orgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"shortName": "2N"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.2n.com/en-GB/download/cve_2025_59783_acom_3_5_v1pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OS Command Injection over API",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"assignerShortName": "2N",
"cveId": "CVE-2025-59783",
"datePublished": "2026-03-04T15:19:13.116Z",
"dateReserved": "2025-09-19T17:22:49.647Z",
"dateUpdated": "2026-03-04T16:15:00.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47255 (GCVE-0-2024-47255)
Vulnerability from nvd – Published: 2024-11-05 09:16 – Updated: 2026-01-09 13:31
VLAI
Summary
In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary
code execution with root permissions.
Severity
4.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| 2N | 2N Access Commander |
Affected:
<=3.1.1.2
|
|
| 2n | access_commander |
Affected:
0 , ≤ 3.1.1.2
(custom)
cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "access_commander",
"vendor": "2n",
"versions": [
{
"lessThanOrEqual": "3.1.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T14:55:29.859923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T14:55:56.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "2N Access Commander",
"vendor": "2N",
"versions": [
{
"status": "affected",
"version": "\u003c=3.1.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary \ncode execution with root permissions."
}
],
"value": "In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary \ncode execution with root permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T13:31:35.186Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2024-47255",
"datePublished": "2024-11-05T09:16:48.128Z",
"dateReserved": "2024-09-23T16:37:50.255Z",
"dateUpdated": "2026-01-09T13:31:35.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47254 (GCVE-0-2024-47254)
Vulnerability from nvd – Published: 2024-11-05 09:13 – Updated: 2026-01-09 13:31
VLAI
Summary
In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient
Verification of Data Authenticity vulnerability could allow an attacker
to escalate their privileges and gain root access to the system.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-807 - Reliance on Untrusted Inputs in a Security Decision
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| 2N | 2N Access Commander |
Affected:
<=3.1.1.2
|
|
| 2n | access_commander |
Affected:
0 , ≤ 3.1.1.2
(custom)
cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "access_commander",
"vendor": "2n",
"versions": [
{
"lessThanOrEqual": "3.1.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T14:55:14.974689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T14:55:19.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "2N Access Commander",
"vendor": "2N",
"versions": [
{
"status": "affected",
"version": "\u003c=3.1.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient \nVerification of Data Authenticity vulnerability could allow an attacker \nto escalate their privileges and gain root access to the system.\n\n\u003cbr\u003e"
}
],
"value": "In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient \nVerification of Data Authenticity vulnerability could allow an attacker \nto escalate their privileges and gain root access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-807",
"description": "CWE-807 Reliance on Untrusted Inputs in a Security Decision",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T13:31:31.984Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2024-47254",
"datePublished": "2024-11-05T09:13:08.132Z",
"dateReserved": "2024-09-23T16:37:50.255Z",
"dateUpdated": "2026-01-09T13:31:31.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47253 (GCVE-0-2024-47253)
Vulnerability from nvd – Published: 2024-11-05 09:08 – Updated: 2026-01-09 13:31
VLAI
Summary
In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| 2N | 2N Access Commander |
Affected:
<=3.1.1.2
|
|
| 2n | access_commander |
Affected:
0 , ≤ 3.1.1.2
(custom)
cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "access_commander",
"vendor": "2n",
"versions": [
{
"lessThanOrEqual": "3.1.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T14:50:29.094999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T14:54:38.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "2N Access Commander",
"vendor": "2N",
"versions": [
{
"status": "affected",
"version": "\u003c=3.1.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles."
}
],
"value": "In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T13:31:37.563Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2024-47253",
"datePublished": "2024-11-05T09:08:56.300Z",
"dateReserved": "2024-09-23T16:37:50.255Z",
"dateUpdated": "2026-01-09T13:31:37.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59787 (GCVE-0-2025-59787)
Vulnerability from cvelistv5 – Published: 2026-03-04 15:31 – Updated: 2026-03-05 19:01
VLAI
Title
HTTP 5XX Internal Server Errors
Summary
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-703 - – Improper Check or Handling of Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.2n.com/en-GB/download/cve_2025_59787_… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 2N Telekomunikace a.s. | 2N Access Commander |
Affected:
0 , < 3.5
(Release)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T19:00:54.958469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T19:01:31.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "2N Access Commander",
"vendor": "2N Telekomunikace a.s.",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "0",
"versionType": "Release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.\u003cp\u003e\u003c/p\u003e"
}
],
"value": "2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 \u2013 Command/Argument Injection via Malformed Input"
}
]
},
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 \u2013 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 \u2013 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T15:31:59.211Z",
"orgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"shortName": "2N"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.2n.com/en-GB/download/cve_2025_59787_acom_3_5_v1pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTTP 5XX Internal Server Errors",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"assignerShortName": "2N",
"cveId": "CVE-2025-59787",
"datePublished": "2026-03-04T15:31:59.211Z",
"dateReserved": "2025-09-19T17:22:49.648Z",
"dateUpdated": "2026-03-05T19:01:31.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59786 (GCVE-0-2025-59786)
Vulnerability from cvelistv5 – Published: 2026-03-04 15:30 – Updated: 2026-03-04 16:03
VLAI
Title
Cookies are not Invalidated upon Logout and Password Change
Summary
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.2n.com/en-GB/download/cve_2025_59786_… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 2N Telekomunikace a.s. | 2N Access Commander |
Affected:
0 , < 3.5
(Release)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T16:00:12.782453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T16:03:17.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "2N Access Commander",
"vendor": "2N Telekomunikace a.s.",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "0",
"versionType": "Release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.\u003cbr\u003e\n\n\n\n\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application."
}
],
"impacts": [
{
"capecId": "CAPEC-31",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-31 \u2013 Accessing/Intercepting/Modifying HTTP Cookies"
}
]
},
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T15:30:35.148Z",
"orgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"shortName": "2N"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.2n.com/en-GB/download/cve_2025_59786_acom_3_5_v1pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cookies are not Invalidated upon Logout and Password Change",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"assignerShortName": "2N",
"cveId": "CVE-2025-59786",
"datePublished": "2026-03-04T15:30:35.148Z",
"dateReserved": "2025-09-19T17:22:49.648Z",
"dateUpdated": "2026-03-04T16:03:17.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59785 (GCVE-0-2025-59785)
Vulnerability from cvelistv5 – Published: 2026-03-04 15:30 – Updated: 2026-03-04 16:17
VLAI
Title
API - Insufficient Input Validation
Summary
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption.
This vulnerability can only be exploited after authenticating with administrator privileges.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1286 - – Improper Validation of Syntactic Correctness
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.2n.com/en-GB/download/cve_2025_59785_… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 2N Telekomunikace a.s. | 2N Access Commander |
Affected:
0 , < 3.5
(Release)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T16:17:02.568081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T16:17:08.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "2N Access Commander",
"vendor": "2N Telekomunikace a.s.",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "0",
"versionType": "Release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption.\u003cbr\u003eThis vulnerability can only be exploited after authenticating with administrator privileges.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption.\nThis vulnerability can only be exploited after authenticating with administrator privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 \u2014 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 \u2013 Improper Validation of Syntactic Correctness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T15:30:31.230Z",
"orgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"shortName": "2N"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.2n.com/en-GB/download/cve_2025_59785_acom_3_5_v1pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "API - Insufficient Input Validation",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"assignerShortName": "2N",
"cveId": "CVE-2025-59785",
"datePublished": "2026-03-04T15:30:31.230Z",
"dateReserved": "2025-09-19T17:22:49.648Z",
"dateUpdated": "2026-03-04T16:17:08.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59784 (GCVE-0-2025-59784)
Vulnerability from cvelistv5 – Published: 2026-03-04 15:26 – Updated: 2026-03-04 16:16
VLAI
Title
Log Pollution - Control Characters Not Escaped
Summary
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation.
This vulnerability can only be exploited after authenticating with administrator privileges.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.2n.com/en-GB/download/cve_2025_59784_… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 2N Telekomunikace a.s. | 2N Access Commander |
Affected:
0 , < 3.4.2
(Release)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59784",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T16:16:38.878662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T16:16:44.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "2N Access Commander",
"vendor": "2N Telekomunikace a.s.",
"versions": [
{
"lessThan": "3.4.2",
"status": "affected",
"version": "0",
"versionType": "Release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation.\u003cbr\u003eThis vulnerability can only be exploited after authenticating with administrator privileges.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation.\nThis vulnerability can only be exploited after authenticating with administrator privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-93",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-93 Log Injection-Tampering-Forging"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117: Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T15:59:59.350Z",
"orgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"shortName": "2N"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.2n.com/en-GB/download/cve_2025_59784_acom_3_5_v1pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Log Pollution - Control Characters Not Escaped",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"assignerShortName": "2N",
"cveId": "CVE-2025-59784",
"datePublished": "2026-03-04T15:26:47.073Z",
"dateReserved": "2025-09-19T17:22:49.648Z",
"dateUpdated": "2026-03-04T16:16:44.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59783 (GCVE-0-2025-59783)
Vulnerability from cvelistv5 – Published: 2026-03-04 15:19 – Updated: 2026-03-04 16:15
VLAI
Title
OS Command Injection over API
Summary
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection.
This vulnerability can only be exploited after authenticating with administrator privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.2n.com/en-GB/download/cve_2025_59783_… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 2N Telekomunikace a.s. | 2N Access Commander |
Affected:
0 , < 3.4.2
(public release)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59783",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T16:14:33.825152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T16:15:00.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"API"
],
"platforms": [
"Linux"
],
"product": "2N Access Commander",
"vendor": "2N Telekomunikace a.s.",
"versions": [
{
"lessThan": "3.4.2",
"status": "affected",
"version": "0",
"versionType": "public release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. \u003cbr\u003eThis vulnerability can only be exploited after authenticating with administrator privileges."
}
],
"value": "API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. \nThis vulnerability can only be exploited after authenticating with administrator privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T15:26:33.357Z",
"orgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"shortName": "2N"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.2n.com/en-GB/download/cve_2025_59783_acom_3_5_v1pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OS Command Injection over API",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "be69f613-e5f6-419b-800c-30351aa8933c",
"assignerShortName": "2N",
"cveId": "CVE-2025-59783",
"datePublished": "2026-03-04T15:19:13.116Z",
"dateReserved": "2025-09-19T17:22:49.647Z",
"dateUpdated": "2026-03-04T16:15:00.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47255 (GCVE-0-2024-47255)
Vulnerability from cvelistv5 – Published: 2024-11-05 09:16 – Updated: 2026-01-09 13:31
VLAI
Summary
In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary
code execution with root permissions.
Severity
4.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| 2N | 2N Access Commander |
Affected:
<=3.1.1.2
|
|
| 2n | access_commander |
Affected:
0 , ≤ 3.1.1.2
(custom)
cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "access_commander",
"vendor": "2n",
"versions": [
{
"lessThanOrEqual": "3.1.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T14:55:29.859923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T14:55:56.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "2N Access Commander",
"vendor": "2N",
"versions": [
{
"status": "affected",
"version": "\u003c=3.1.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary \ncode execution with root permissions."
}
],
"value": "In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary \ncode execution with root permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T13:31:35.186Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2024-47255",
"datePublished": "2024-11-05T09:16:48.128Z",
"dateReserved": "2024-09-23T16:37:50.255Z",
"dateUpdated": "2026-01-09T13:31:35.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47254 (GCVE-0-2024-47254)
Vulnerability from cvelistv5 – Published: 2024-11-05 09:13 – Updated: 2026-01-09 13:31
VLAI
Summary
In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient
Verification of Data Authenticity vulnerability could allow an attacker
to escalate their privileges and gain root access to the system.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-807 - Reliance on Untrusted Inputs in a Security Decision
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| 2N | 2N Access Commander |
Affected:
<=3.1.1.2
|
|
| 2n | access_commander |
Affected:
0 , ≤ 3.1.1.2
(custom)
cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "access_commander",
"vendor": "2n",
"versions": [
{
"lessThanOrEqual": "3.1.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T14:55:14.974689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T14:55:19.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "2N Access Commander",
"vendor": "2N",
"versions": [
{
"status": "affected",
"version": "\u003c=3.1.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient \nVerification of Data Authenticity vulnerability could allow an attacker \nto escalate their privileges and gain root access to the system.\n\n\u003cbr\u003e"
}
],
"value": "In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient \nVerification of Data Authenticity vulnerability could allow an attacker \nto escalate their privileges and gain root access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-807",
"description": "CWE-807 Reliance on Untrusted Inputs in a Security Decision",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T13:31:31.984Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2024-47254",
"datePublished": "2024-11-05T09:13:08.132Z",
"dateReserved": "2024-09-23T16:37:50.255Z",
"dateUpdated": "2026-01-09T13:31:31.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47253 (GCVE-0-2024-47253)
Vulnerability from cvelistv5 – Published: 2024-11-05 09:08 – Updated: 2026-01-09 13:31
VLAI
Summary
In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| 2N | 2N Access Commander |
Affected:
<=3.1.1.2
|
|
| 2n | access_commander |
Affected:
0 , ≤ 3.1.1.2
(custom)
cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:2n:access_commander:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "access_commander",
"vendor": "2n",
"versions": [
{
"lessThanOrEqual": "3.1.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T14:50:29.094999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T14:54:38.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "2N Access Commander",
"vendor": "2N",
"versions": [
{
"status": "affected",
"version": "\u003c=3.1.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles."
}
],
"value": "In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T13:31:37.563Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.2n.com/en-GB/download/Access-Commander-Security-Advisory-2024-11"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2024-47253",
"datePublished": "2024-11-05T09:08:56.300Z",
"dateReserved": "2024-09-23T16:37:50.255Z",
"dateUpdated": "2026-01-09T13:31:37.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}