CVE-2022-34910

An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.1 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
mitreCNA
4.1 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AC:H/AV:L/A:N/C:H/I:N/PR:H/S:U/UI:N
CVEADP
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://excellium-services.com/cert-xlm-advisory/CVE-2022-34910
https://www.aremis.com/en_GB/welcome
https://excellium-services.com/cert-xlm-advisory/CVE-2022-34910
https://www.aremis.com/en_GB/welcome