Vulnerabilities > CVE-2022-22107 - Missing Authorization vulnerability in Daybydaycrm Daybyday CRM 2.2.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

daybydaycrm

CWE-862

NVD

Published: 2022-01-05

Updated: 2022-01-08

Summary

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all.

Vulnerable Configurations

Part	Description	Count
Application	Daybydaycrm Daybydaycrm Daybyday CRM 2.2.0	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22107