cve/2022/CVE-2022-22108.md

### [CVE-2022-22108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22108)
![](https://img.shields.io/static/v1?label=Product&message=DaybydayCRM&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=flarepoint&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%202.0.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)

### Description

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information.

### POC

#### Reference
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-22108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22108)`
			`![](https://img.shields.io/static/v1?label=Product&message=DaybydayCRM&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=flarepoint&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%202.0.0%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)`

			`### Description`

			`In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information.`

			`### POC`

			`#### Reference`
			`- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108`

			`#### Github`
			`No PoCs found on GitHub currently.`