Описание
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.2.0 (включая) до 2.2.1 (включая)
cpe:2.3:a:daybydaycrm:daybyday:*:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00299
Низкий
8.8 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-613
CWE-613
Связанные уязвимости
github
около 4 лет назад
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.
EPSS
Процентиль: 53%
0.00299
Низкий
8.8 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-613
CWE-613