Aggregates CVE and security vulnerability intelligence across all aremis-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and related problems; some flaws may lead to vendor impact data exposure, affecting vendor surface software deployment and vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-34910 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device. | [email protected] | 4.1 | 0.03% | 2023-02-27 | 2025-05-30 |
| CVE-2022-34909 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database. | [email protected] | 7.7 | 0.42% | 2023-02-27 | 2025-05-30 |
| CVE-2022-34908 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data. | [email protected] | 8.2 | 0.40% | 2023-02-27 | 2025-05-30 |