Home > Vulnerability Database > CVE-2023-49075

Mend.io Vulnerability Database

CVE-2023-49075

Good to know:

Date: November 28, 2023

The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.

Language: PHP

Severity Score

7.2

Related Resources (6)

Url: https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch

Url: https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg

Url: https://github.com/pimcore/admin-ui-classic-bundle/pull/345

Url: https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-49075

Url: https://www.mend.io/vulnerability-database/CVE-2023-49075

Severity Score

7.2

Weakness Type (CWE)

Use of Single-factor Authentication

CWE-308

Top Fix

Upgrade Version

Upgrade to version v1.2.2

Learn More

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-49075

Good to know:

Date: November 28, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?