PT-2023-13435 · A4N
Alexandre Guldner
Published 2023-02-27 · Updated 2025-03-10
CVE-2022-34908
CVSS v3.1: 8.2 (High)
| Vector | AC:L/AV:N/A:N/C:H/I:L/PR:N/S:U/UI:N |
Name of the Vulnerable Software and Affected Versions
A4N (Aremis 4 Nomad) application version 1.5.0
Description
An issue was discovered in the A4N application. The application has an authentication mechanism, but some features do not require any token or cookie in the request, so an attacker can send a plain HTTP request to the relevant endpoint and retrieve application data without being authorized.
Recommendations
For version 1.5.0, consider restricting access to sensitive endpoints until a patch is available, and ensure that all features require proper authentication tokens or cookies in requests. As a temporary workaround, disable any features that do not require authentication to minimize the risk of exploitation.
Fix
Missing Authentication
Improper Authentication
Affected Products
A4N