2n CVE Vulnerabilities & Metrics

Focus on 2n vulnerabilities and metrics.

Last updated: 08 Mar 2026, 23:25 UTC

About 2n Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with 2n. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total 2n CVEs: 8
Earliest CVE date: 13 Aug 2021, 13:15 UTC
Latest CVE date: 04 Mar 2026, 16:16 UTC

Latest CVE reference: CVE-2025-59787

Rolling Stats

30-day Count (Rolling): 5
365-day Count (Rolling): 5

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 150.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 150.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical 2n CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.54

Max CVSS: 4.3

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	7
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS 2n CVEs

These are the five CVEs with the highest CVSS scores for 2n, sorted by severity first and recency.

CVE-2021-31399 2n Published on 13 Aug 2021, 13:15 UTC (CVSS: 4.3)
On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack.
CVE-2025-59787 2n Published on 04 Mar 2026, 16:16 UTC (CVSS: 0)
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.
CVE-2025-59786 2n Published on 04 Mar 2026, 16:16 UTC (CVSS: 0)
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.
CVE-2025-59785 2n Published on 04 Mar 2026, 16:16 UTC (CVSS: 0)
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges.
CVE-2025-59784 2n Published on 04 Mar 2026, 16:16 UTC (CVSS: 0)
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges.

All CVEs for 2n

CVE-2025-59787 2n vulnerability CVSS: 0 04 Mar 2026, 16:16 UTC

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.

CVE-2025-59786 2n vulnerability CVSS: 0 04 Mar 2026, 16:16 UTC

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.

CVE-2025-59785 2n vulnerability CVSS: 0 04 Mar 2026, 16:16 UTC

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges.

CVE-2025-59784 2n vulnerability CVSS: 0 04 Mar 2026, 16:16 UTC

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges.

CVE-2025-59783 2n vulnerability CVSS: 0 04 Mar 2026, 16:16 UTC

API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges.

CVE-2024-47255 2n vulnerability CVSS: 0 05 Nov 2024, 10:20 UTC

In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary code execution with root permissions.

CVE-2024-47254 2n vulnerability CVSS: 0 05 Nov 2024, 10:20 UTC

In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system.

CVE-2021-31399 2n vulnerability CVSS: 4.3 13 Aug 2021, 13:15 UTC

On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack.