Skip to main content

Admin Classic Bundle CVE-2023-49075

HIGH
Use of Single-factor Authentication (CWE-308)
2023-11-28 security-advisories@github.com
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 28, 2023 - 05:15 nvd
HIGH 7.2

DescriptionNVD

The Admin Classic Bundle provides a Backend UI for Pimcore. AdminBundle\Security\PimcoreUserTwoFactorCondition introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.

AnalysisAI

The Admin Classic Bundle provides a Backend UI for Pimcore. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-308. The Admin Classic Bundle provides a Backend UI for Pimcore. AdminBundle\Security\PimcoreUserTwoFactorCondition introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2. Affected products include: Pimcore Admin Classic Bundle. Version information: version 1.2.2..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-25625 CRITICAL POC
9.3 Feb 19

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Rated critical severity (CVSS 9.3), this vulnerability

CVE-2024-23646 HIGH POC
8.8 Jan 24

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Rated high severity (CVSS 8.8), this vulne

CVE-2024-23648 HIGH POC
8.8 Jan 24

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Rated high severity (CVSS 8.8), this vulne

CVE-2023-5844 HIGH POC
7.2 Oct 30

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0. Rated high severity (CVS

CVE-2024-41109 MEDIUM POC
6.5 Jul 30

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Rated medium severity (CVSS 6.5), this vul

CVE-2023-47636 MEDIUM POC
5.3 Nov 15

The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Rated medium severity (CVSS 5.3), this vulnerability

CVE-2024-24822 CRITICAL
9.1 Feb 07

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Rated critical severity (CVSS 9.1), this v

CVE-2026-23495 MEDIUM POC
4.3 Jan 15

Pimcore Admin Classic Bundle versions prior to 2.2.3 and 1.7.16 fail to enforce proper authorization on the Predefined P

CVE-2023-46722 MEDIUM
6.1 Oct 31

The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Rated medium severity (CVSS 6.1), this vulnerability

CVE-2023-37280 MEDIUM
6.1 Jul 11

Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. Rated medium severity (CVSS

CVE-2023-42817 MEDIUM
5.4 Sep 25

Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. Rated medium severity (CVSS 5.4), this vulnerability

CVE-2025-30166 LOW
1.8 Apr 08

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Rated low severity (CVSS 1.8), this vulnerability is r

Share

CVE-2023-49075 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy