CVE-2022-1065
19.04.2022, 08:15
A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). This issue does not affect: Abacus ERP v2019 versions prior to R5 of 2020-03-15; v2018 versions prior to R7 of 2020-04-15; v2017 version and prior versions and prior versions.Enginsight
| Vendor | Product | Version |
|---|---|---|
| abacus | abacus_erp_2018 | r7 ≤ |
| abacus | abacus_erp_2019 | r5 ≤ |
| abacus | abacus_erp_2020 | 𝑥 < r6 |
| abacus | abacus_erp_2021 | 𝑥 < r4 |
| abacus | abacus_erp_2022 | 𝑥 < r1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-304 - Missing Critical Step in AuthenticationThe software implements an authentication technique, but it skips a step that weakens the technique.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.