Roman Gribi

**Name of the Vulnerable Software and Affected Versions** Abacus ERP versions prior to v2022 R1 of 2022-01-15 Abacus ERP versions prior to v2021 R4 of 2022-01-15 Abacus ERP versions prior to v2020 R6 of 2022-01-15 Abacus ERP v2019 versions later than R5 (service pack) Abacus ERP v2018 versions later than R5 (service pack) **Description** A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. **Recommendations** For Abacus ERP versions prior to v2022 R1 of 2022-01-15, update to v2022 R1 of 2022-01-15 or later. For Abacus ERP versions prior to v2021 R4 of 2022-01-15, update to v2021 R4 of 2022-01-15 or later. For Abacus ERP versions prior to v2020 R6 of 2022-01-15, update to v2020 R6 of 2022-01-15 or later. For Abacus ERP v2019 versions later than R5 (service pack), consider applying additional security measures until a patch is available. For Abacus ERP v2018 versions later than R5 (service pack), consider applying additional security measures until a patch is available.