exploitDog

CVE-2022-34910

Опубликовано: 27 фев. 2023

Источник: nvd

CVSS3: 4.1

CVSS3: 5.5

EPSS Низкий

Описание

An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device.

Ссылки

https://cds.thalesgroup.com/en/tcs-cert/CVE-2022-34910
https://excellium-services.com/cert-xlm-advisory/CVE-2022-34910
Third Party Advisory
https://www.aremis.com/en_GB/welcome
Not Applicable
https://excellium-services.com/cert-xlm-advisory/CVE-2022-34910
Third Party Advisory
https://www.aremis.com/en_GB/welcome
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aremis:aremis_4_nomads:*:*:*:*:*:android:*:*

Версия до 1.5.1 (исключая)

EPSS

Процентиль: 1%

0.0001

Низкий

4.1 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-312

CWE-312

Связанные уязвимости

GHSA-92r6-gw4h-q44j

CVSS3: 5.5

github

почти 3 года назад

An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device.

EPSS

Процентиль: 1%

0.0001

Низкий

4.1 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-312

CWE-312