2n 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は パス処理の欠陥 and vendor risk input validation に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact unexpected behavior and ファイル上書き などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-59787 | 2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts. | be69f613-e5f6-419b-800c-30351aa8933c | 5.3 | 0.05% | 2026-03-04 | 2026-03-05 |
| CVE-2025-59786 | 2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application. | be69f613-e5f6-419b-800c-30351aa8933c | 6.0 | 0.06% | 2026-03-04 | 2026-03-05 |
| CVE-2025-59785 | Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges. | be69f613-e5f6-419b-800c-30351aa8933c | 5.3 | 0.06% | 2026-03-04 | 2026-03-05 |
| CVE-2025-59784 | 2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges. | be69f613-e5f6-419b-800c-30351aa8933c | 6.9 | 0.05% | 2026-03-04 | 2026-03-05 |
| CVE-2025-59783 | API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges. | be69f613-e5f6-419b-800c-30351aa8933c | 8.8 | 0.15% | 2026-03-04 | 2026-03-05 |
| CVE-2024-47255 | In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary code execution with root permissions. | [email protected] | 4.7 | 0.04% | 2024-11-05 | 2025-09-04 |
| CVE-2024-47254 | In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system. | [email protected] | 6.3 | 0.15% | 2024-11-05 | 2025-09-04 |
| CVE-2024-47253 | In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles. | [email protected] | 7.2 | 7.48% | 2024-11-05 | 2024-11-07 |
| CVE-2021-31399 | On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack. | [email protected] | 4.6 | 0.17% | 2021-08-13 | 2025-05-30 |