Filtered by vendor Daybydaycrm
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22113 | 1 Daybydaycrm | 1 Daybyday | 2022-02-25 | 6.5 MEDIUM | 8.8 HIGH |
| In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed. | |||||
| CVE-2022-22110 | 1 Daybydaycrm | 1 Daybyday Crm | 2022-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort. | |||||
| CVE-2022-22111 | 1 Daybydaycrm | 1 Daybyday Crm | 2022-01-08 | 6.5 MEDIUM | 8.8 HIGH |
| In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator’s. This allows the attacker to gain access to the highest privileged user in the application. | |||||