CVE-2023-49075

Summary

The Admin Classic Bundle provides a Backend UI for Pimcore. AdminBundle\Security\PimcoreUserTwoFactorCondition introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.

Affected Software

VendorProductVersion RangeStatus
pimcoreadmin-ui-classic-bundle< 1.2.2affected

Weaknesses

  • CWE-308: CWE-308: Use of Single-factor Authentication

ADP Enrichment

CVE Program Container

Additional References

References