CVE-2022-1065
CVE-2022-1065 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). EPSS estimates a 2.76% chance of exploitation in the next 30 days.
Description
A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). This issue does not affect: Abacus ERP v2019 versions prior to R5 of 2020-03-15; v2018 versions prior to R7 of 2020-04-15; v2017 version and prior versions.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Abacus | Abacus ERP 2018 | >= r7 |
| Abacus | Abacus ERP 2019 | >= r5 |
| Abacus | Abacus ERP 2020 | < r6 |
| Abacus | Abacus ERP 2021 | < r4 |
| Abacus | Abacus ERP 2022 | < r1 |
References
- https://www.redguard.ch/advisories/abacus_mfa_bypass.txt (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
