CVE-2022-22113

In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MendCNA
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
daybydaycrmdaybyday
2.2.0 ≤
𝑥
≤ 2.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Bottelet/DaybydayCRM/blob/master/config/session.php#L32
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22113
https://github.com/Bottelet/DaybydayCRM/blob/master/config/session.php#L32
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22113