Aware · Aware Mobile Liveness Sdk · CVE-2019-9196
**Name of the Vulnerable Software and Affected Versions**
Aware mobile liveness sdk version 2.2.0
Aware mobile liveness sdk version 2.2.1
**Description**
The issue allows for a Biometrical Liveness authentication bypass. This is achieved through parameter tampering of the "security level" field in the "/knomi/analyze" API endpoint.
**Recommendations**
For Aware mobile liveness sdk version 2.2.0, avoid using the `security level` field in the "/knomi/analyze" API endpoint until the issue is resolved.
For Aware mobile liveness sdk version 2.2.1, avoid using the `security level` field in the "/knomi/analyze" API endpoint until the issue is resolved.