CVE-2022-34909

Share

CVE-2022-34909

by mrahier96

Abstract Advisory Information

The entire application is prone to SQL injection via the different fields.

The injection allows the attacker to bypass the authentication and to retrieve all the data that is stored on the database including credentials.

Authors: Valentin Giannini & Alexandre Guldner

Version affected

Name: A4N (Aremis 4 Nomad) Android mobile application

Versions: 1.5.0

Common Vulnerability Scoring System

7.7

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Patch

 1.5.1 (B221115)

References

Vulnerability Disclosure Timeline

  • 11/05/2022: Vulnerability discovery
  • 12/05/2022: Vulnerability Report to CERT-XLM
  • 17/05/2022: Vulnerability Report to Vendor through Contact Form
  • 17/05/2022: Vulnerability Report to Vendor through investigation
  • 19/05/2022: Vulnerability Report to Vendor through investigation
  • 03/06/2022: Called vendor, redirected us to an email address
  • 03/06/2022: Vulnerability Report to Vendor through investigation
  • 10/06/2022: Vulnerability Report to Vendor through investigation
  • 17/06/2022: Vulnerability Report to Vendor through investigation
  • 24/06/2022: Called vendor again to press on them, gave cert@ email address to recontact us
  • 24/06/2022: Vulnerability Report to the Director Information System through investigation
  • 01/07/2022: Vulnerability Report shared with the vendor
  • 01/07/2022: Request CVE ID to Mitre
  • 02/07/2022: CVE number assigned
  • 11/07/2022: Acknowledge from vendor. Vulnerabilities will be fixed by the end of September
  • 15/07/2022: Call with the vendor. Vulnerabilities will be fixed by the end of September
  • 30/09/2022: Asked the vendor for an update.
  • 21/10/2022: Asked the vendor for an update.
  • 28/10/2022: Asked the vendor for an update. Vendor said that they will test the fixes in mid-November
  • 02/12/2022: Asked the vendor for an update.
  • 09/12/2022: Asked the vendor for an update.
  • 12/12/2022: Vendor confirmed that they did a second pen test and most flaws are solved. A final report should arrive by the end of the year.
  • 06/01/2023: Asked the vendor for an update.
  • 09/01/2023: Vendor sent latest vulnerability fix report. According to their report the vulnerabilities would be fixed. Vendor says they are waiting for a second pentest to publish the patch.
  • 13/01/2023: Asked the vendor for an update
  • 25/01/2023: Addressed and fixed in version: 1.5.1 (B221115).
  • 24/02/2023: Public disclosure by Excellium Services in accordance with Aremis Group
Top