CVE-2022-22108
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Bottelet | DaybydayCRM | 2.0.0 < unspecified | affected |
| Bottelet | DaybydayCRM | unspecified <= 2.2.0 | affected |
| Bottelet | flarepoint | 2.0.0 < unspecified | affected |
| Bottelet | flarepoint | unspecified <= 2.2.0 | affected |
Weaknesses
- CWE-862: CWE-862 Missing Authorization
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108
References
- https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.