Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-1065

Опубликовано: 19 апр. 2022
Источник: nvd
CVSS3: 8.1
CVSS3: 8.8
CVSS2: 9
EPSS Низкий

Описание

A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). This issue does not affect: Abacus ERP v2019 versions prior to R5 of 2020-03-15; v2018 versions prior to R7 of 2020-04-15; v2017 version and prior versions and prior versions.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:abacus:abacus_erp_2018:*:*:*:*:*:*:*:*
Версия от r7 (включая)
cpe:2.3:a:abacus:abacus_erp_2019:*:*:*:*:*:*:*:*
Версия от r5 (включая)
cpe:2.3:a:abacus:abacus_erp_2020:*:*:*:*:*:*:*:*
Версия до r6 (исключая)
cpe:2.3:a:abacus:abacus_erp_2021:*:*:*:*:*:*:*:*
Версия до r4 (исключая)
cpe:2.3:a:abacus:abacus_erp_2022:*:*:*:*:*:*:*:*
Версия до r1 (исключая)

EPSS

Процентиль: 82%
0.01634
Низкий

8.1 High

CVSS3

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-304
CWE-287

Связанные уязвимости

github логотип

GHSA-gc8j-wq9j-m4cx

CVSS3: 8.8
github
почти 4 года назад

A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). This issue does not affect: Abacus ERP v2019 versions prior to R5 of 2020-03-15; v2018 versions prior to R7 of 2020-04-15; v2017 version and prior versions and prior versions.

EPSS

Процентиль: 82%
0.01634
Низкий

8.1 High

CVSS3

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-304
CWE-287