PT-2022-13629 · Unknown · Abacus Erp
Roman Gribi
·
Published
2022-04-19
·
Updated
2022-04-27
·
CVE-2022-1065
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Abacus ERP versions prior to v2022 R1 of 2022-01-15
Abacus ERP versions prior to v2021 R4 of 2022-01-15
Abacus ERP versions prior to v2020 R6 of 2022-01-15
Abacus ERP v2019 versions later than R5 (service pack)
Abacus ERP v2018 versions later than R5 (service pack)
Description
A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor.
Recommendations
For Abacus ERP versions prior to v2022 R1 of 2022-01-15, update to v2022 R1 of 2022-01-15 or later.
For Abacus ERP versions prior to v2021 R4 of 2022-01-15, update to v2021 R4 of 2022-01-15 or later.
For Abacus ERP versions prior to v2020 R6 of 2022-01-15, update to v2020 R6 of 2022-01-15 or later.
For Abacus ERP v2019 versions later than R5 (service pack), consider applying additional security measures until a patch is available.
For Abacus ERP v2018 versions later than R5 (service pack), consider applying additional security measures until a patch is available.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Abacus Erp