CVE-2022-34908
Description
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A4N Android app 1.5.0 lacks authentication for some endpoints, allowing unauthorized data retrieval via simple HTTP requests.
Vulnerability
The A4N (Aremis 4 Nomad) Android application version 1.5.0 fails to enforce authentication for certain endpoints. While the app possesses an authentication mechanism, some features do not require any token or cookie in the request [2]. This allows unauthorized access to application data.
Exploitation
An attacker with network access can send a simple HTTP request to the vulnerable endpoint without any prior authentication or user interaction [2]. No special privileges or conditions are needed.
Impact
Successful exploitation results in disclosure of all application data (confidentiality impact: high). Additionally, the attacker may export new data in an anonymous manner, indicating a low integrity impact. The CVSS v3.1 score is 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) [2].
Mitigation
The vendor released version 1.5.1 (build B221115) to address this vulnerability [2]. Users should update the A4N application to this patched version. No workarounds are documented.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- A4N/A4N (Aremis 4 Nomad) applicationdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.