CVE-2023-49075

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Nov 28, 2023

Updated: Dec 4, 2023

CWE ID 308

Summary

CVE-2023-49075 is a vulnerability affecting the Admin Classic Bundle of Pimcore's Backend UI. The `AdminBundle\\Security\\PimcoreUserTwoFactorCondition` component, newly introduced in version 11, inadvertently disables two-factor authentication for all non-admin security firewalls. As a result, an authenticated user can gain unauthorized access to the system without providing the required two-factor credentials. This issue has been rectified in version 1.2.2.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Pimcore Admin Classic Bundle

Affected Vendors

Pimcore

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tgfHvk
https://www.cve.org/CVERecord?id=CVE-2023-49075
https://nvd.nist.gov/vuln/detail/CVE-2023-49075

Back to Vulnerability Database