cve/2022/CVE-2022-22107.md

### [CVE-2022-22107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22107)
![](https://img.shields.io/static/v1?label=Product&message=DaybydayCRM&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=flarepoint&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%202.0.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)

### Description

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all.

### POC

#### Reference
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22107

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-22107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22107)`
			`![](https://img.shields.io/static/v1?label=Product&message=DaybydayCRM&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=flarepoint&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%202.0.0%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)`

			`### Description`

			`In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all.`

			`### POC`

			`#### Reference`
			`- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22107`

			`#### Github`
			`No PoCs found on GitHub currently.`