Valentin Giannini

**Name of the Vulnerable Software and Affected Versions** A4N (Aremis 4 Nomad) application version 1.5.0 **Description** An issue was discovered in the A4N application, which possesses an authentication mechanism. However, some features do not require any token or cookie in a request, allowing an attacker to send a simple HTTP request to the right endpoint and obtain authorization to retrieve application data. **Recommendations** For version 1.5.0, consider restricting access to sensitive endpoints until a patch is available, and ensure that all features require proper authentication tokens or cookies in requests. As a temporary workaround, disable any features that do not require authentication to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** A4N (Aremis 4 Nomad) application version 1.5.0 **Description** The issue allows SQL Injection, enabling an attacker to bypass authentication and retrieve data stored in the database. This can lead to unauthorized access to sensitive information. **Recommendations** For A4N (Aremis 4 Nomad) application version 1.5.0, consider restricting access to the database until a patch is available. As a temporary workaround, avoid using the application for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zebra Enterprise Home Screen version 4.1.19 **Description** An issue was discovered where the Gboard used by different applications can be used to launch and use several other applications that are restricted by the admin. **Recommendations** For Zebra Enterprise Home Screen version 4.1.19, consider restricting access to the Gboard to prevent the launch of restricted applications until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Zebra Enterprise Home Screen version 4.1.19 **Description** An issue was discovered in the software, allowing the installation of unauthorized applications via a downloaded APK by utilizing the embedded Google Chrome application. **Recommendations** For Zebra Enterprise Home Screen version 4.1.19, consider restricting the use of the embedded Google Chrome application until a patch is available to prevent the installation of unauthorized applications.

**Name of the Vulnerable Software and Affected Versions** Zebra Enterprise Home Screen version 4.1.19 **Description** An issue was discovered that allows the use of a physical connection (Ethernet cable) without restriction, even when some communication channels are locked by the administrator. **Recommendations** For Zebra Enterprise Home Screen version 4.1.19, consider restricting access to the Ethernet port or implementing additional security measures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RCDevs OpenOTP app versions 1.4.13 through 1.4.14 **Description** An issue was discovered in the RCDevs OpenOTP app for iOS. If it is installed on a jailbroken device, it is possible to retrieve the `PIN code` used to access the application. The issue is resolved in version 1.4.1631262629, which stores a hash `PIN code`. **Recommendations** For versions 1.4.13 and 1.4.14, update to version 1.4.1631262629 to resolve the issue by storing a hash `PIN code`.