Home > Vulnerability Database > CVE-2023-49075

Mend.io Vulnerability Database

CVE-2023-49075

Date: November 27, 2023

The Admin Classic Bundle provides a Backend UI for Pimcore. "AdminBundle\Security\PimcoreUserTwoFactorCondition" introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.

Language: PHP

Severity Score

8.4

Related Resources (7)

Url: https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch

Url: https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg

Url: https://github.com/pimcore/admin-ui-classic-bundle

Url: https://github.com/pimcore/admin-ui-classic-bundle/pull/345

Url: https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-49075

Url: https://www.mend.io/vulnerability-database/CVE-2023-49075

Severity Score

8.4

Weakness Type (CWE)

Use of Single-factor Authentication

CWE-308

CVSS v3.1

Base Score:	8.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-49075

Date: November 27, 2023

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?