CVE-2022-34910

An issue was discovered in the A4N Aremis 4 Nomad application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device...

CVE-2022-34908

An issue was discovered in the A4N Aremis 4 Nomad application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization ...

CVE-2022-34910

The CVE-2022-34910 entry concerns the A4N (Aremis 4 Nomad) Android app 1.5.0, where user passwords are stored in cleartext in the local data store. This root cause enables any attacker with device access to retrieve other users’ passwords, describing a local, data-leak risk rather than a remote e...

Aremis 4 Nomad 授权问题漏洞

Aremis 4 Nomad A4N is an application from Aremis, Inc. A security vulnerability exists in Aremis 4 Nomad version 1.5.0. An attacker exploits the vulnerability to send a simple HTTP request to the correct endpoint and gain authorization to retrieve application data...

CVE-2022-34909

CVE-2022-34909 concerns A4N (Aremis 4 Nomad) Android app 1.5.0. The issue is a SQL Injection vulnerability in the application’s authentication flow that allows an attacker to bypass authentication and retrieve data stored in the database. The available connected data confirms the affected product...