Primary

Context

2N Access Commander Session Fixation Vulnerability Allowing Active Cookies After Logout

Vulnerability

Patched

A session fixation vulnerability has been identified in 2N Access Commander versions through 3.4.2. The issue arises because the application improperly invalidates session tokens, allowing multiple session cookies to remain active after a user has logged out.

Impact

Exploitation of this vulnerability could lead to session fixation, where an attacker could potentially hijack a user's session by exploiting the active session cookies.

Remediation

Users are advised to upgrade to 2N Access Commander version 3.5 or later, where this vulnerability has been addressed.

Added: Mar 4, 2026, 4:28 PM

Updated: Mar 4, 2026, 6:26 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

5.0

exploitability

6.4

remediation

7.7

relevance

3.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

5.0

exploitability

6.4

remediation

7.7

relevance

3.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

2N Access Commander Session Fixation Vulnerability Allowing Active Cookies After Logout

Vulnerability

Impact

Remediation

Affected Products

2N Access Commander

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating