4 vulnerabilities by Abacus Research AG
CVE-2025-0001 (GCVE-0-2025-0001)
Vulnerability from nvd – Published: 2025-02-17 09:29 – Updated: 2025-02-18 19:31
VLAI
Title
authenticated arbitrary file read vulnerability
Summary
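Abacus ERP versions older than 2024.210.16036, 2023.205.15833, 2022.105.15542 are affected by an authenticated arbitrary file read vulnerability. (The affected-version data in this record gives the 2022 bound as 2022.205.15542, not 2022.105.15542.)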
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-36 - Absolute Path Traversal
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Abacus Research AG | Abacus | Affected: 0 , < 2024.210.16036 (custom); Affected: 0 , < 2023.205.15833 (custom); Affected: 0 , < 2022.205.15542 (custom) | |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T17:20:34.965879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:31:29.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Abacus",
"vendor": "Abacus Research AG",
"versions": [
{
"lessThan": "2024.210.16036",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2023.205.15833",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2022.205.15542",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Borel Enzo (testeurdestylos)"
},
{
"lang": "en",
"type": "finder",
"value": "Nicolas Hugues"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Abacus ERP is versions older than 2024.210.16036, 2023.205.15833, 2022.105.15542 are affected by an authenticated arbitrary file read vulnerability."
}
],
"value": "Abacus ERP is versions older than 2024.210.16036, 2023.205.15833, 2022.105.15542 are affected by an authenticated arbitrary file read vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-597 Absolute Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36: Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-17T09:29:49.551Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"url": "https://borelenzo.github.io/stuff/2025/02/15/CVE-2025-0001.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "authenticated arbitrary file read vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2025-0001",
"datePublished": "2025-02-17T09:29:49.551Z",
"dateReserved": "2024-10-09T13:49:52.061Z",
"dateUpdated": "2025-02-18T19:31:29.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1065 (GCVE-0-2022-1065)
Vulnerability from nvd – Published: 2022-04-19 07:50 – Updated: 2024-08-02 23:47
VLAI
Title
Multi Factor Authentication Bypass in various versions of Abacus ERP
Summary
A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). This issue does not affect: Abacus ERP v2019 versions prior to R5 of 2020-03-15; v2018 versions prior to R7 of 2020-04-15; v2017 and prior versions.
Severity
8.1 (High)
CWE
- CWE-304 - Missing Critical Step in Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.redguard.ch/advisories/abacus_mfa_bypass.txt | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Abacus Research AG | Abacus ERP | Affected: v2022 , < R1 of 2022-01-15 (custom); Affected: v2021 , < R4 of 2022-01-15 (custom); Affected: v2020 , < R6 of 2022-01-15 (custom); Affected: R5 (service pack) , < v2019* (custom); Affected: R5 (service pack) , < v2018* (custom); Unaffected: v2017 , ≤ and prior versions (custom) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.redguard.ch/advisories/abacus_mfa_bypass.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Abacus ERP",
"vendor": "Abacus Research AG",
"versions": [
{
"lessThan": "R1 of 2022-01-15",
"status": "affected",
"version": "v2022",
"versionType": "custom"
},
{
"lessThan": "R4 of 2022-01-15",
"status": "affected",
"version": "v2021",
"versionType": "custom"
},
{
"lessThan": "R6 of 2022-01-15",
"status": "affected",
"version": "v2020",
"versionType": "custom"
},
{
"changes": [
{
"at": "R5 of 2020-03-15",
"status": "affected"
}
],
"lessThan": "v2019*",
"status": "affected",
"version": "R5 (service pack)",
"versionType": "custom"
},
{
"changes": [
{
"at": "R7 of 2020-04-15",
"status": "affected"
}
],
"lessThan": "v2018*",
"status": "affected",
"version": "R5 (service pack)",
"versionType": "custom"
},
{
"lessThanOrEqual": "and prior versions",
"status": "unaffected",
"version": "v2017",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Roman Gribi, Redguard AG"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). This issue does not affect: Abacus ERP v2019 versions prior to R5 of 2020-03-15; v2018 versions prior to R7 of 2020-04-15; v2017 version and prior versions and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-304",
"description": "CWE-304 Missing Critical Step in Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T07:50:10.000Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.redguard.ch/advisories/abacus_mfa_bypass.txt"
}
],
"solutions": [
{
"lang": "en",
"value": "Install the available hot fixes and / or service packs from 2022-01-15 or newer"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multi Factor Authentication Bypass in various versions of Abacus ERP",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@ncsc.ch",
"ID": "CVE-2022-1065",
"STATE": "PUBLIC",
"TITLE": "Multi Factor Authentication Bypass in various versions of Abacus ERP"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Abacus ERP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "v2022",
"version_value": "R1 of 2022-01-15"
},
{
"version_affected": "\u003c",
"version_name": "v2021",
"version_value": "R4 of 2022-01-15"
},
{
"version_affected": "\u003c",
"version_name": "v2020",
"version_value": "R6 of 2022-01-15"
},
{
"version_affected": "\u003e",
"version_name": "v2019",
"version_value": "R5 (service pack)"
},
{
"version_affected": "\u003e",
"version_name": "v2018",
"version_value": "R5 (service pack)"
},
{
"version_affected": "!\u003c",
"version_name": "v2019",
"version_value": "R5 of 2020-03-15"
},
{
"version_affected": "!\u003c",
"version_name": "v2018",
"version_value": "R7 of 2020-04-15"
},
{
"version_affected": "!\u003c=",
"version_name": "v2017",
"version_value": "and prior versions"
}
]
}
}
]
},
"vendor_name": "Abacus Research AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Roman Gribi, Redguard AG"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). This issue does not affect: Abacus ERP v2019 versions prior to R5 of 2020-03-15; v2018 versions prior to R7 of 2020-04-15; v2017 version and prior versions and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-304 Missing Critical Step in Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.redguard.ch/advisories/abacus_mfa_bypass.txt",
"refsource": "CONFIRM",
"url": "https://www.redguard.ch/advisories/abacus_mfa_bypass.txt"
}
]
},
"solution": [
{
"lang": "en",
"value": "Install the available hot fixes and / or service packs from 2022-01-15 or newer"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2022-1065",
"datePublished": "2022-04-19T07:50:10.000Z",
"dateReserved": "2022-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:43.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0001 (GCVE-0-2025-0001)
Vulnerability from cvelistv5 – Published: 2025-02-17 09:29 – Updated: 2025-02-18 19:31
VLAI
Title
authenticated arbitrary file read vulnerability
Summary
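Abacus ERP versions older than 2024.210.16036, 2023.205.15833, 2022.105.15542 are affected by an authenticated arbitrary file read vulnerability. (The affected-version data in this record gives the 2022 bound as 2022.205.15542, not 2022.105.15542.)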
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-36 - Absolute Path Traversal
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Abacus Research AG | Abacus | Affected: 0 , < 2024.210.16036 (custom); Affected: 0 , < 2023.205.15833 (custom); Affected: 0 , < 2022.205.15542 (custom) | |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T17:20:34.965879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:31:29.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Abacus",
"vendor": "Abacus Research AG",
"versions": [
{
"lessThan": "2024.210.16036",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2023.205.15833",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2022.205.15542",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Borel Enzo (testeurdestylos)"
},
{
"lang": "en",
"type": "finder",
"value": "Nicolas Hugues"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Abacus ERP is versions older than 2024.210.16036, 2023.205.15833, 2022.105.15542 are affected by an authenticated arbitrary file read vulnerability."
}
],
"value": "Abacus ERP is versions older than 2024.210.16036, 2023.205.15833, 2022.105.15542 are affected by an authenticated arbitrary file read vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-597 Absolute Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36: Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-17T09:29:49.551Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"url": "https://borelenzo.github.io/stuff/2025/02/15/CVE-2025-0001.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "authenticated arbitrary file read vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2025-0001",
"datePublished": "2025-02-17T09:29:49.551Z",
"dateReserved": "2024-10-09T13:49:52.061Z",
"dateUpdated": "2025-02-18T19:31:29.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1065 (GCVE-0-2022-1065)
Vulnerability from cvelistv5 – Published: 2022-04-19 07:50 – Updated: 2024-08-02 23:47
VLAI
Title
Multi Factor Authentication Bypass in various versions of Abacus ERP
Summary
A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). This issue does not affect: Abacus ERP v2019 versions prior to R5 of 2020-03-15; v2018 versions prior to R7 of 2020-04-15; v2017 and prior versions.
Severity
8.1 (High)
CWE
- CWE-304 - Missing Critical Step in Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.redguard.ch/advisories/abacus_mfa_bypass.txt | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Abacus Research AG | Abacus ERP | Affected: v2022 , < R1 of 2022-01-15 (custom); Affected: v2021 , < R4 of 2022-01-15 (custom); Affected: v2020 , < R6 of 2022-01-15 (custom); Affected: R5 (service pack) , < v2019* (custom); Affected: R5 (service pack) , < v2018* (custom); Unaffected: v2017 , ≤ and prior versions (custom) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.redguard.ch/advisories/abacus_mfa_bypass.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Abacus ERP",
"vendor": "Abacus Research AG",
"versions": [
{
"lessThan": "R1 of 2022-01-15",
"status": "affected",
"version": "v2022",
"versionType": "custom"
},
{
"lessThan": "R4 of 2022-01-15",
"status": "affected",
"version": "v2021",
"versionType": "custom"
},
{
"lessThan": "R6 of 2022-01-15",
"status": "affected",
"version": "v2020",
"versionType": "custom"
},
{
"changes": [
{
"at": "R5 of 2020-03-15",
"status": "affected"
}
],
"lessThan": "v2019*",
"status": "affected",
"version": "R5 (service pack)",
"versionType": "custom"
},
{
"changes": [
{
"at": "R7 of 2020-04-15",
"status": "affected"
}
],
"lessThan": "v2018*",
"status": "affected",
"version": "R5 (service pack)",
"versionType": "custom"
},
{
"lessThanOrEqual": "and prior versions",
"status": "unaffected",
"version": "v2017",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Roman Gribi, Redguard AG"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). This issue does not affect: Abacus ERP v2019 versions prior to R5 of 2020-03-15; v2018 versions prior to R7 of 2020-04-15; v2017 version and prior versions and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-304",
"description": "CWE-304 Missing Critical Step in Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T07:50:10.000Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.redguard.ch/advisories/abacus_mfa_bypass.txt"
}
],
"solutions": [
{
"lang": "en",
"value": "Install the available hot fixes and / or service packs from 2022-01-15 or newer"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multi Factor Authentication Bypass in various versions of Abacus ERP",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@ncsc.ch",
"ID": "CVE-2022-1065",
"STATE": "PUBLIC",
"TITLE": "Multi Factor Authentication Bypass in various versions of Abacus ERP"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Abacus ERP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "v2022",
"version_value": "R1 of 2022-01-15"
},
{
"version_affected": "\u003c",
"version_name": "v2021",
"version_value": "R4 of 2022-01-15"
},
{
"version_affected": "\u003c",
"version_name": "v2020",
"version_value": "R6 of 2022-01-15"
},
{
"version_affected": "\u003e",
"version_name": "v2019",
"version_value": "R5 (service pack)"
},
{
"version_affected": "\u003e",
"version_name": "v2018",
"version_value": "R5 (service pack)"
},
{
"version_affected": "!\u003c",
"version_name": "v2019",
"version_value": "R5 of 2020-03-15"
},
{
"version_affected": "!\u003c",
"version_name": "v2018",
"version_value": "R7 of 2020-04-15"
},
{
"version_affected": "!\u003c=",
"version_name": "v2017",
"version_value": "and prior versions"
}
]
}
}
]
},
"vendor_name": "Abacus Research AG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Roman Gribi, Redguard AG"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). This issue does not affect: Abacus ERP v2019 versions prior to R5 of 2020-03-15; v2018 versions prior to R7 of 2020-04-15; v2017 version and prior versions and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-304 Missing Critical Step in Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.redguard.ch/advisories/abacus_mfa_bypass.txt",
"refsource": "CONFIRM",
"url": "https://www.redguard.ch/advisories/abacus_mfa_bypass.txt"
}
]
},
"solution": [
{
"lang": "en",
"value": "Install the available hot fixes and / or service packs from 2022-01-15 or newer"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2022-1065",
"datePublished": "2022-04-19T07:50:10.000Z",
"dateReserved": "2022-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:43.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}