Vulnerability Description
A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). This issue does not affect: Abacus ERP v2019 versions prior to R5 of 2020-03-15; v2018 versions prior to R7 of 2020-04-15; v2017 version and prior versions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Abacus | Abacus ERP 2018 | >= R7 |
| Abacus | Abacus ERP 2019 | >= R5 |
| Abacus | Abacus ERP 2020 | < R6 |
| Abacus | Abacus ERP 2021 | < R4 |
| Abacus | Abacus ERP 2022 | < R1 |
Related Weaknesses (CWE)
References
- https://www.redguard.ch/advisories/abacus_mfa_bypass.txt (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-1065?
CVE-2022-1065 is a vulnerability with a CVSS score of 8.1 (HIGH). A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-0...
How severe is CVE-2022-1065?
CVE-2022-1065 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1065?
Check the references section above for vendor advisories and patch information. Affected products include: Abacus ERP 2018, Abacus ERP 2019, Abacus ERP 2020, Abacus ERP 2021, Abacus ERP 2022.