What is CVE-2022-22108?

CVE-2022-22108 is a medium-severity vulnerability in Bottelet Daybydaycrm, classified under Missing Authorization. CVSS score: 4.3/10. Published 2022-01-05.

How severe is CVE-2022-22108?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Auth bypass in Bottelet Daybydaycrm

CVE-2022-22108

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This…

Vulnerability class: Broken Access Control

EPSS: 0.002 (35.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Bottelet Daybydaycrm — versions 2.0.0, unspecified
Bottelet Flarepoint — versions 2.0.0, unspecified

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b (x_refsource_MISC)
www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-22108?: CVE-2022-22108 is a medium-severity vulnerability in Bottelet Daybydaycrm, classified under Missing Authorization. CVSS score: 4.3/10. Published 2022-01-05.
How severe is CVE-2022-22108?: Medium severity. CVSS v3 base score is 4.3 out of 10.