An issue exists in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
aremis aremis 4 nomads |