Vulnerabilities (CVE)

Filtered by vendor Aremis Subscribe
Filtered by product Aremis 4 Nomads
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-34910 1 Aremis 1 Aremis 4 Nomads 2024-02-04 N/A 5.5 MEDIUM
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device.
CVE-2022-34909 1 Aremis 1 Aremis 4 Nomads 2024-02-04 N/A 9.1 CRITICAL
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database.
CVE-2022-34908 1 Aremis 1 Aremis 4 Nomads 2024-02-04 N/A 7.5 HIGH
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.