HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2023-49075

CVSS 8.4v3.1pub. 2023-11-28upd. 2024-11-21

The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
  • Pimcore Admin Classic Bundle

    APP
    Pimcore
    < 1.2.2
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Firewall
CWE
References

Related vulnerabilities

CVE-2024-25625HIGH8.1ten sam produkt

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been ...

CVE-2024-23648HIGH8.8ten sam produkt

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality...

CVE-2024-23646HIGH8.8ten sam produkt

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to ...

CVE-2023-5844HIGH7.2ten sam produkt

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.

CVE-2026-23495MEDIUM4.3ten sam produkt

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint ...