Medium severity 4.3 · NVD Advisory · Published Jan 5, 2022 · Updated Jun 17, 2026
CVE-2022-22107
Description
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker with the lowest-privileged account (an employee-type user) can view the appointments of all users in the system, including administrators, even though this type of user is not authorized to view the calendar at all.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| bottelet/flarepoint (Packagist) | >= 2.0.0, < 2.2.1 | 2.2.1 |
Affected products
- Range: 2.0.0
- Range: 2.0.0
References
- github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b (nvd; Patch, Third Party Advisory; WEB)
- github.com/advisories/GHSA-44gv-fgcj-w546 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-22107 (ghsa; ADVISORY)
- www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22107 (nvd; Third Party Advisory; WEB)