CVE-2022-34908

Published: Feb 27, 2023

Modified: May 30, 2025

PUBLISHED

CVSS v3.1

8.2

HIGH

Description

An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:N/S:U/UI:N

Attack Complexity

Low

Attack Vector

Network

Availability

None

Confidentiality

High

Integrity

Low

Privileges Required

None

Scope

Unchanged

User Interaction

None

References

https://www.aremis.com/en_GB/welcome

https://excellium-services.com/cert-xlm-advisory/CVE-2022-34908

https://cds.thalesgroup.com/en/tcs-cert/CVE-2022-34908

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-34908

Description

Affected Products

CVSS v3.1 Details

References