Known Vulnerabilities for Openvpn Access Server by Openvpn
Listed below are 10 of the newest known vulnerabilities associated with "Openvpn Access Server" by "Openvpn".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-33738 json | OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal | 7.5 - HIGH | 2022-07-06 | 2022-07-15 |
| CVE-2022-33737 json | The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may... | 7.5 - HIGH | 2022-07-06 | 2023-07-21 |
| CVE-2021-4234 json | OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet s... | 7.5 - HIGH | 2022-07-06 | 2022-07-14 |
| CVE-2021-3824 json | OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login pag... | 6.1 - MEDIUM | 2021-09-23 | 2021-09-29 |
| CVE-2020-36382 json | OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via in... | 7.5 - HIGH | 2021-06-04 | 2022-09-20 |
| CVE-2020-15077 json | OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channe... | 5.3 - MEDIUM | 2021-06-04 | 2022-08-05 |
| CVE-2020-15074 json | OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing ... | 7.5 - HIGH | 2020-07-14 | 2021-11-23 |
| CVE-2020-11462 json | An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface e... | 7.5 - HIGH | 2020-05-04 | 2020-05-12 |
| CVE-2020-8953 json | OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor auth... | 9.8 - CRITICAL | 2020-02-13 | 2020-05-12 |
| CVE-2017-5868 json | CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary ... | 6.1 - MEDIUM | 2017-05-26 | 2017-06-06 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Openvpn | Openvpn Access Server | 2.8.3 | |||
| Application | Openvpn | Openvpn Access Server | 2.8.2 | |||
| Application | Openvpn | Openvpn Access Server | 2.8.1 | |||
| Application | Openvpn | Openvpn Access Server | 2.8.0 | |||
| Application | Openvpn | Openvpn Access Server | 2.7.5 | |||
| Application | Openvpn | Openvpn Access Server | 2.7.4 | |||
| Application | Openvpn | Openvpn Access Server | 2.7.3 | |||
| Application | Openvpn | Openvpn Access Server | 2.6.1 | |||
| Application | Openvpn | Openvpn Access Server | 2.5.2 | |||
| Application | Openvpn | Openvpn Access Server | 2.5.0 | |||
| Application | Openvpn | Openvpn Access Server | 2.1.9 | |||
| Application | Openvpn | Openvpn Access Server | 2.1.8 | |||
| Application | Openvpn | Openvpn Access Server | 2.1.6 | |||
| Application | Openvpn | Openvpn Access Server | 2.1.4 | |||
| Application | Openvpn | Openvpn Access Server | 2.1.2 | |||
| Application | Openvpn | Openvpn Access Server | 2.1.12 | |||
| Application | Openvpn | Openvpn Access Server | 2.1.1 | |||
| Application | Openvpn | Openvpn Access Server | 2.1.0 | |||
| Application | Openvpn | Openvpn Access Server | 2.0.8 | |||
| Application | Openvpn | Openvpn Access Server | 2.0.7 |