HIGH✓ PATCH🇬🇧 English

CVE-2023-49075

CVSS 8.4v3.1pub. 2023-11-28upd. 2024-11-21

The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
  • Pimcore Admin Classic Bundle

    APP
    Pimcore
    < 1.2.2
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Firewall
CWE
Referencje

Powiązane podatności

CVE-2024-25625HIGH8.1ten sam produkt

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been ...

CVE-2024-23648HIGH8.8ten sam produkt

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality...

CVE-2024-23646HIGH8.8ten sam produkt

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to ...

CVE-2023-5844HIGH7.2ten sam produkt

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.

CVE-2026-23495MEDIUM4.3ten sam produkt

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint ...

CVE-2023-49075 — HIGH 8.4 | CVEbaza.pl