Primary

Context

2N Access Commander OS Command Injection Vulnerability in User Synchronization API Endpoint

Vulnerability

Patched

An OS command injection vulnerability has been identified in the user synchronization API endpoint of 2N Access Commander version 3.4.1. This issue arises from inadequate input validation, allowing for the injection of operating system commands. Exploitation of this vulnerability requires authentication with administrator privileges.

Impact

Exploitation of this vulnerability allows for OS command injection, where an authenticated administrator can execute arbitrary commands on the server's operating system.

Remediation

Users can upgrade to 2N Access Commander version 3.5 or later, where this vulnerability has been addressed.

Added: Mar 4, 2026, 4:29 PM

Updated: Mar 4, 2026, 6:27 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

10.0

exploitability

4.4

remediation

7.7

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

10.0

exploitability

4.4

remediation

7.7

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

2N Access Commander OS Command Injection Vulnerability in User Synchronization API Endpoint

Vulnerability

Impact

Remediation

Affected Products

2N Access Commander

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating