Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for flarepoint by Bottelet

    CVE-2022-22111 (GCVE-0-2022-22111)

    Vulnerability from nvd – Published: 2022-01-05 15:05 – Updated: 2024-08-03 03:00
    VLAI
    Title
    DayByDay CRM - Missing Authorization when Changing Password
    Summary
    In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator’s. This allows the attacker to gain access to the highest privileged user in the application.
    CWE
    Assigner
    References
    Impacted products
    Credits
    WhiteSource Vulnerability Research Team (WVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:00:55.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22111"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DaybydayCRM",
              "vendor": "Bottelet",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.0"
                }
              ]
            },
            {
              "product": "flarepoint",
              "vendor": "Bottelet",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WhiteSource Vulnerability Research Team (WVR)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator\u2019s. This allows the attacker to gain access to the highest privileged user in the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-05T15:05:22.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22111"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.2.1"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "DayByDay CRM - Missing Authorization when Changing Password",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2022-22111",
              "STATE": "PUBLIC",
              "TITLE": "DayByDay CRM - Missing Authorization when Changing Password"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DaybydayCRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "flarepoint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bottelet"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WhiteSource Vulnerability Research Team (WVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator\u2019s. This allows the attacker to gain access to the highest privileged user in the application."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b",
                  "refsource": "MISC",
                  "url": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22111",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22111"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.2.1"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-22111",
        "datePublished": "2022-01-05T15:05:22.000Z",
        "dateReserved": "2021-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:00:55.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22110 (GCVE-0-2022-22110)

    Vulnerability from nvd – Published: 2022-01-05 15:05 – Updated: 2024-08-03 03:00
    VLAI
    Title
    DayByDay CRM - Weak Password Requirements in Update User
    Summary
    In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort.
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bottelet DaybydayCRM Affected: unspecified , ≤ 2.2.0 (custom)
    Affected: 1.1 , < unspecified (custom)
    Create a notification for this product.
    Bottelet flarepoint Affected: unspecified , ≤ 2.2.0 (custom)
    Affected: 1.1 , < unspecified (custom)
    Create a notification for this product.
    Credits
    WhiteSource Vulnerability Research Team (WVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:00:55.381Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22110"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DaybydayCRM",
              "vendor": "Bottelet",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "1.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "flarepoint",
              "vendor": "Bottelet",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "1.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WhiteSource Vulnerability Research Team (WVR)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users\u2019 passwords with minimal to no computational effort."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-05T15:05:21.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22110"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.2.1"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "DayByDay CRM - Weak Password Requirements in Update User",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2022-22110",
              "STATE": "PUBLIC",
              "TITLE": "DayByDay CRM - Weak Password Requirements in Update User"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DaybydayCRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.2.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "flarepoint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.2.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bottelet"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WhiteSource Vulnerability Research Team (WVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users\u2019 passwords with minimal to no computational effort."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-521 Weak Password Requirements"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b",
                  "refsource": "MISC",
                  "url": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22110",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22110"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.2.1"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-22110",
        "datePublished": "2022-01-05T15:05:21.000Z",
        "dateReserved": "2021-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:00:55.381Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22109 (GCVE-0-2022-22109)

    Vulnerability from nvd – Published: 2022-01-05 15:05 – Updated: 2024-08-03 03:00
    VLAI
    Title
    DayByDay CRM - Stored Cross-Site Scripting (XSS) in Task Title
    Summary
    In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Credits
    WhiteSource Vulnerability Research Team (WVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:00:55.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Bottelet/DaybydayCRM/commit/002dc75f400cf307bd00b71a5a93f1e26e52cee2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22109"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DaybydayCRM",
              "vendor": "Bottelet",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.0"
                }
              ]
            },
            {
              "product": "flarepoint",
              "vendor": "Bottelet",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WhiteSource Vulnerability Research Team (WVR)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim\u2019s browser when they open the \u201c/tasks\u201d page to view all the tasks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-05T15:05:20.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Bottelet/DaybydayCRM/commit/002dc75f400cf307bd00b71a5a93f1e26e52cee2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22109"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.2.1"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "DayByDay CRM - Stored Cross-Site Scripting (XSS) in Task Title",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2022-22109",
              "STATE": "PUBLIC",
              "TITLE": "DayByDay CRM - Stored Cross-Site Scripting (XSS) in Task Title"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DaybydayCRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "flarepoint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bottelet"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WhiteSource Vulnerability Research Team (WVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim\u2019s browser when they open the \u201c/tasks\u201d page to view all the tasks."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Bottelet/DaybydayCRM/commit/002dc75f400cf307bd00b71a5a93f1e26e52cee2",
                  "refsource": "MISC",
                  "url": "https://github.com/Bottelet/DaybydayCRM/commit/002dc75f400cf307bd00b71a5a93f1e26e52cee2"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22109",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22109"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.2.1"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-22109",
        "datePublished": "2022-01-05T15:05:20.000Z",
        "dateReserved": "2021-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:00:55.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22108 (GCVE-0-2022-22108)

    Vulnerability from nvd – Published: 2022-01-05 15:05 – Updated: 2024-08-03 03:00
    VLAI
    Title
    DayByDay CRM - Missing Authorization when Viewing Absences
    Summary
    In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bottelet DaybydayCRM Affected: 2.0.0 , < unspecified (custom)
    Affected: unspecified , ≤ 2.2.0 (custom)
    Create a notification for this product.
    Bottelet flarepoint Affected: 2.0.0 , < unspecified (custom)
    Affected: unspecified , ≤ 2.2.0 (custom)
    Create a notification for this product.
    Credits
    WhiteSource Vulnerability Research Team (WVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:00:55.285Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DaybydayCRM",
              "vendor": "Bottelet",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "flarepoint",
              "vendor": "Bottelet",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WhiteSource Vulnerability Research Team (WVR)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-05T15:05:18.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.2.1"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "DayByDay CRM - Missing Authorization when Viewing Absences",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2022-22108",
              "STATE": "PUBLIC",
              "TITLE": "DayByDay CRM - Missing Authorization when Viewing Absences"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DaybydayCRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.0.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "flarepoint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.0.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bottelet"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WhiteSource Vulnerability Research Team (WVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b",
                  "refsource": "MISC",
                  "url": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.2.1"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-22108",
        "datePublished": "2022-01-05T15:05:18.000Z",
        "dateReserved": "2021-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:00:55.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22107 (GCVE-0-2022-22107)

    Vulnerability from nvd – Published: 2022-01-05 15:05 – Updated: 2024-08-03 03:00
    VLAI
    Title
    DayByDay CRM - Missing Authorization when Viewing Appointments
    Summary
    In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bottelet DaybydayCRM Affected: 2.0.0 , < unspecified (custom)
    Affected: unspecified , ≤ 2.2.0 (custom)
    Create a notification for this product.
    Bottelet flarepoint Affected: 2.0.0 , < unspecified (custom)
    Affected: unspecified , ≤ 2.2.0 (custom)
    Create a notification for this product.
    Credits
    WhiteSource Vulnerability Research Team (WVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:00:55.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22107"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DaybydayCRM",
              "vendor": "Bottelet",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "flarepoint",
              "vendor": "Bottelet",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WhiteSource Vulnerability Research Team (WVR)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-05T15:05:16.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22107"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.2.1"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "DayByDay CRM - Missing Authorization when Viewing Appointments",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2022-22107",
              "STATE": "PUBLIC",
              "TITLE": "DayByDay CRM - Missing Authorization when Viewing Appointments"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DaybydayCRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.0.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "flarepoint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.0.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bottelet"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WhiteSource Vulnerability Research Team (WVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b",
                  "refsource": "MISC",
                  "url": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22107",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22107"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.2.1"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-22107",
        "datePublished": "2022-01-05T15:05:16.000Z",
        "dateReserved": "2021-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:00:55.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22111 (GCVE-0-2022-22111)

    Vulnerability from cvelistv5 – Published: 2022-01-05 15:05 – Updated: 2024-08-03 03:00
    VLAI
    Title
    DayByDay CRM - Missing Authorization when Changing Password
    Summary
    In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator’s. This allows the attacker to gain access to the highest privileged user in the application.
    CWE
    Assigner
    References
    Impacted products
    Credits
    WhiteSource Vulnerability Research Team (WVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:00:55.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22111"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DaybydayCRM",
              "vendor": "Bottelet",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.0"
                }
              ]
            },
            {
              "product": "flarepoint",
              "vendor": "Bottelet",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WhiteSource Vulnerability Research Team (WVR)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator\u2019s. This allows the attacker to gain access to the highest privileged user in the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-05T15:05:22.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22111"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.2.1"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "DayByDay CRM - Missing Authorization when Changing Password",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2022-22111",
              "STATE": "PUBLIC",
              "TITLE": "DayByDay CRM - Missing Authorization when Changing Password"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DaybydayCRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "flarepoint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bottelet"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WhiteSource Vulnerability Research Team (WVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator\u2019s. This allows the attacker to gain access to the highest privileged user in the application."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b",
                  "refsource": "MISC",
                  "url": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22111",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22111"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.2.1"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-22111",
        "datePublished": "2022-01-05T15:05:22.000Z",
        "dateReserved": "2021-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:00:55.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22110 (GCVE-0-2022-22110)

    Vulnerability from cvelistv5 – Published: 2022-01-05 15:05 – Updated: 2024-08-03 03:00
    VLAI
    Title
    DayByDay CRM - Weak Password Requirements in Update User
    Summary
    In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort.
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bottelet DaybydayCRM Affected: unspecified , ≤ 2.2.0 (custom)
    Affected: 1.1 , < unspecified (custom)
    Create a notification for this product.
    Bottelet flarepoint Affected: unspecified , ≤ 2.2.0 (custom)
    Affected: 1.1 , < unspecified (custom)
    Create a notification for this product.
    Credits
    WhiteSource Vulnerability Research Team (WVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:00:55.381Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22110"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DaybydayCRM",
              "vendor": "Bottelet",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "1.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "flarepoint",
              "vendor": "Bottelet",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "1.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WhiteSource Vulnerability Research Team (WVR)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users\u2019 passwords with minimal to no computational effort."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-05T15:05:21.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22110"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.2.1"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "DayByDay CRM - Weak Password Requirements in Update User",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2022-22110",
              "STATE": "PUBLIC",
              "TITLE": "DayByDay CRM - Weak Password Requirements in Update User"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DaybydayCRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.2.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "flarepoint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.2.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bottelet"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WhiteSource Vulnerability Research Team (WVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users\u2019 passwords with minimal to no computational effort."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-521 Weak Password Requirements"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b",
                  "refsource": "MISC",
                  "url": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22110",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22110"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.2.1"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-22110",
        "datePublished": "2022-01-05T15:05:21.000Z",
        "dateReserved": "2021-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:00:55.381Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22109 (GCVE-0-2022-22109)

    Vulnerability from cvelistv5 – Published: 2022-01-05 15:05 – Updated: 2024-08-03 03:00
    VLAI
    Title
    DayByDay CRM - Stored Cross-Site Scripting (XSS) in Task Title
    Summary
    In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Credits
    WhiteSource Vulnerability Research Team (WVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:00:55.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Bottelet/DaybydayCRM/commit/002dc75f400cf307bd00b71a5a93f1e26e52cee2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22109"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DaybydayCRM",
              "vendor": "Bottelet",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.0"
                }
              ]
            },
            {
              "product": "flarepoint",
              "vendor": "Bottelet",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WhiteSource Vulnerability Research Team (WVR)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim\u2019s browser when they open the \u201c/tasks\u201d page to view all the tasks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-05T15:05:20.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Bottelet/DaybydayCRM/commit/002dc75f400cf307bd00b71a5a93f1e26e52cee2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22109"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.2.1"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "DayByDay CRM - Stored Cross-Site Scripting (XSS) in Task Title",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2022-22109",
              "STATE": "PUBLIC",
              "TITLE": "DayByDay CRM - Stored Cross-Site Scripting (XSS) in Task Title"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DaybydayCRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "flarepoint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bottelet"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WhiteSource Vulnerability Research Team (WVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim\u2019s browser when they open the \u201c/tasks\u201d page to view all the tasks."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Bottelet/DaybydayCRM/commit/002dc75f400cf307bd00b71a5a93f1e26e52cee2",
                  "refsource": "MISC",
                  "url": "https://github.com/Bottelet/DaybydayCRM/commit/002dc75f400cf307bd00b71a5a93f1e26e52cee2"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22109",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22109"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.2.1"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-22109",
        "datePublished": "2022-01-05T15:05:20.000Z",
        "dateReserved": "2021-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:00:55.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22108 (GCVE-0-2022-22108)

    Vulnerability from cvelistv5 – Published: 2022-01-05 15:05 – Updated: 2024-08-03 03:00
    VLAI
    Title
    DayByDay CRM - Missing Authorization when Viewing Absences
    Summary
    In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bottelet DaybydayCRM Affected: 2.0.0 , < unspecified (custom)
    Affected: unspecified , ≤ 2.2.0 (custom)
    Create a notification for this product.
    Bottelet flarepoint Affected: 2.0.0 , < unspecified (custom)
    Affected: unspecified , ≤ 2.2.0 (custom)
    Create a notification for this product.
    Credits
    WhiteSource Vulnerability Research Team (WVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:00:55.285Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DaybydayCRM",
              "vendor": "Bottelet",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "flarepoint",
              "vendor": "Bottelet",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WhiteSource Vulnerability Research Team (WVR)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-05T15:05:18.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.2.1"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "DayByDay CRM - Missing Authorization when Viewing Absences",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2022-22108",
              "STATE": "PUBLIC",
              "TITLE": "DayByDay CRM - Missing Authorization when Viewing Absences"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DaybydayCRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.0.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "flarepoint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.0.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bottelet"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WhiteSource Vulnerability Research Team (WVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b",
                  "refsource": "MISC",
                  "url": "https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.2.1"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-22108",
        "datePublished": "2022-01-05T15:05:18.000Z",
        "dateReserved": "2021-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:00:55.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22107 (GCVE-0-2022-22107)

    Vulnerability from cvelistv5 – Published: 2022-01-05 15:05 – Updated: 2024-08-03 03:00
    VLAI
    Title
    DayByDay CRM - Missing Authorization when Viewing Appointments
    Summary
    In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bottelet DaybydayCRM Affected: 2.0.0 , < unspecified (custom)
    Affected: unspecified , ≤ 2.2.0 (custom)
    Create a notification for this product.
    Bottelet flarepoint Affected: 2.0.0 , < unspecified (custom)
    Affected: unspecified , ≤ 2.2.0 (custom)
    Create a notification for this product.
    Credits
    WhiteSource Vulnerability Research Team (WVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:00:55.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22107"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DaybydayCRM",
              "vendor": "Bottelet",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "flarepoint",
              "vendor": "Bottelet",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WhiteSource Vulnerability Research Team (WVR)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-05T15:05:16.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22107"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.2.1"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "DayByDay CRM - Missing Authorization when Viewing Appointments",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2022-22107",
              "STATE": "PUBLIC",
              "TITLE": "DayByDay CRM - Missing Authorization when Viewing Appointments"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DaybydayCRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.0.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "flarepoint",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.0.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bottelet"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WhiteSource Vulnerability Research Team (WVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b",
                  "refsource": "MISC",
                  "url": "https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22107",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22107"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.2.1"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-22107",
        "datePublished": "2022-01-05T15:05:16.000Z",
        "dateReserved": "2021-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:00:55.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }