Vulnerabilities > Openvpn > Openvpn Access Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-09-23 CVE-2021-3824 Cross-site Scripting vulnerability in Openvpn Access Server
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.
network
low complexity
openvpn CWE-79
6.1
2021-06-04 CVE-2020-15077 Improper Authentication vulnerability in Openvpn Access Server
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
network
high complexity
openvpn CWE-287
5.3
2017-05-26 CVE-2017-5868 CRLF Injection vulnerability in Openvpn Access Server 2.1.4
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/.
network
low complexity
openvpn CWE-93
6.1