operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.
Google
Information Disclosure
Android
NVD
GitHub
CVSS 3.1
3.2
EPSS
0.1%