CVE-2022-22110

Опубликовано: 05 янв. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort.

Ссылки

https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b
Patch
Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22110
Third Party Advisory
https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b
Patch
Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22110
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:daybydaycrm:daybyday_crm:*:*:*:*:*:*:*:*

Версия от 1.1.0 (включая) до 2.2.0 (включая)

EPSS

Процентиль: 51%

0.0028

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-521

Связанные уязвимости

GHSA-96v6-hrwg-p378