Vulnerabilities > CVE-2022-22113 - Insufficient Session Expiration vulnerability in Daybydaycrm Daybyday

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

daybydaycrm

CWE-613

NVD

Published: 2022-01-13

Updated: 2022-02-25

Summary

In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.

Vulnerable Configurations

Part	Description	Count
Application	Daybydaycrm Daybydaycrm Daybyday *	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22113
https://github.com/Bottelet/DaybydayCRM/blob/master/config/session.php#L32