CVE-2022-34908 Information

Description

An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however some features do not require any token or cookie in a request. Therefore an attacker may send a simple HTTP request to the right endpoint and obtain authorization to retrieve application data.

Reference

https://www.aremis.com/en_GB/welcome https://excellium-services.com/cert-xlm-advisory/CVE-2022-34908