PT-2023-31043 · Pimcore · Admin Classic Bundle

Published: 2023-11-27 · Updated: 2023-12-04 · CVE-2023-49075

CVSS v3.1: 8.4 (High)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Admin Classic Bundle versions prior to 1.2.2

Description: The issue concerns the AdminBundle\Security\PimcoreUserTwoFactorCondition class, introduced in version 11, which disables two-factor authentication for all non-admin security firewalls. As a result, an authenticated user can access the system through those firewalls without presenting a second factor.

Recommendations: For versions prior to 1.2.2, upgrade to version 1.2.2 to resolve the issue. As a temporary workaround, consider applying the patch manually to disable the vulnerable condition until a formal update can be applied. Restrict access to sensitive areas of the system to minimize the risk of exploitation.
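The pattern behind this advisory, as an added illustration (not Pimcore's own code): a Symfony two-factor condition (scheb/2fa-bundle's TwoFactorConditionInterface, where returning false vetoes the second factor) that answers "no 2FA" for everything it does not recognise, beside a version that only decides for the admin firewall and otherwise defers. The firewall name pimcore_admin and the PimcoreAdminUser interface are assumptions for the example.

```php
<?php
// Illustrative only: shows how a 2FA condition can silently switch off the
// second factor for every non-admin firewall, and a safer alternative.
declare(strict_types=1);

use Scheb\TwoFactorBundle\Security\TwoFactor\AuthenticationContextInterface;
use Scheb\TwoFactorBundle\Security\TwoFactor\Condition\TwoFactorConditionInterface;

// Assumed name of the admin UI firewall (example value, not from the advisory).
const ADMIN_FIREWALL = 'pimcore_admin';

// Hypothetical stand-in for the admin user object; not Pimcore's class.
interface PimcoreAdminUser
{
    public function isTwoFactorEnabled(): bool;
}

// Vulnerable shape: a request on any other firewall never carries an admin
// user, so the condition returns false and the bundle skips the second factor.
final class VulnerableCondition implements TwoFactorConditionInterface
{
    public function shouldPerformTwoFactorAuthentication(AuthenticationContextInterface $context): bool
    {
        $user = $context->getUser();
        if ($user instanceof PimcoreAdminUser) {
            return $user->isTwoFactorEnabled();
        }
        return false; // BUG: vetoes 2FA for all non-admin firewalls
    }
}

// Hardened shape: only express an opinion for the admin firewall. For every
// other firewall return true, so the bundle's normal 2FA flow and the user's
// own 2FA settings apply unchanged.
final class HardenedCondition implements TwoFactorConditionInterface
{
    public function shouldPerformTwoFactorAuthentication(AuthenticationContextInterface $context): bool
    {
        if ($context->getFirewallName() !== ADMIN_FIREWALL) {
            return true; // do not veto: leave other firewalls to default handling
        }
        $user = $context->getUser();
        // Admin firewall: honour the admin user's 2FA setting; unknown user types
        // are not vetoed either.
        return !($user instanceof PimcoreAdminUser) || $user->isTwoFactorEnabled();
    }
}
```

When reviewing a custom condition, check what it returns on the paths it did not anticipate: a default of false disables 2FA wherever the condition is registered.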


Related Identifiers

CVE-2023-49075
GHSA-9WWG-R3C7-4VFG

Affected Products

Admin Classic Bundle