Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
CVE-2023-49075
7.2HIGH
What is CVE-2023-49075?
The Admin Classic Bundle for Pimcore has a vulnerability that disables two-factor authentication across all non-admin security firewalls. This flaw allows authenticated users to bypass the two-factor authentication mechanism, providing them access to the system without the additional security credentials typically required. This issue was rectified in version 1.2.2, ensuring that the two-factor authentication process remains intact for all users.
Affected Version(s)
admin-ui-classic-bundle < 1.2.2