Description
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.
References
- Third Party Advisory
- Not Applicable
- Third Party Advisory
- Not Applicable
Vulnerable configurations
Configuration 1: versions before 1.5.1 (excluding)
cpe:2.3:a:aremis:aremis_4_nomads:*:*:*:*:*:android:*:*
EPSS
Percentile: 34%
0.00136
Low
CVSS3: 8.2 High
CVSS3: 7.5 High
Weaknesses
CWE-287
CWE-306
Related vulnerabilities
CVSS3: 7.5
github
almost 3 years ago
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.