An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.
History

Mon, 10 Mar 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-306
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-03-10T19:55:39.516Z

Reserved: 2022-07-01T00:00:00.000Z

Link: CVE-2022-34908

cve-icon Vulnrichment

Updated: 2024-08-03T09:22:10.744Z

cve-icon NVD

Status : Modified

Published: 2023-02-27T13:15:10.107

Modified: 2025-03-10T20:15:12.223

Link: CVE-2022-34908

cve-icon Redhat

No data.