Vulnerability in Pimcore Admin-ui-classic-bundle
CVE-2023-49075
The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access…
EPSS: 0.000 (2.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H.
Affected products
- Pimcore Admin-ui-classic-bundle — versions < 1.2.2
Weakness classification (CWE)
References
- https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg (x_refsource_CONFIRM)
- https://github.com/pimcore/admin-ui-classic-bundle/pull/345 (x_refsource_MISC)
- https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628 (x_refsource_MISC)
- https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch (x_refsource_MISC)
Frequently asked questions
- What is CVE-2023-49075?
- CVE-2023-49075 is a high-severity vulnerability in Pimcore Admin-ui-classic-bundle, classified under Use of Single-factor Authentication. CVSS score: 8.5/10. Published 2023-11-28.
- How severe is CVE-2023-49075?
- High severity. CVSS v3 base score is 8.5 out of 10.