CVE-2022-1065
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). This issue does not affect: Abacus ERP v2019 versions prior to R5 of 2020-03-15; v2018 versions prior to R7 of 2020-04-15; v2017 version and prior versions and prior versions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Abacus Research AG | Abacus ERP | v2022 < R1 of 2022-01-15 | affected |
| Abacus Research AG | Abacus ERP | v2021 < R4 of 2022-01-15 | affected |
| Abacus Research AG | Abacus ERP | v2020 < R6 of 2022-01-15 | affected |
| Abacus Research AG | Abacus ERP | R5 (service pack) < v2019* | affected |
| Abacus Research AG | Abacus ERP | R5 (service pack) < v2018* | affected |
| Abacus Research AG | Abacus ERP | v2017 <= and prior versions | unaffected |
Weaknesses
- CWE-304: CWE-304 Missing Critical Step in Authentication
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.