CVE-2019-18985

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-18985
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18985.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-18985
Aliases
Published
2019-11-15T05:15:12.987Z
Modified
2026-03-15T15:06:05.033975Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Pimcore before 6.2.2 lacks brute force protection for the 2FA token.

References

Affected packages

Git / github.com/pimcore/pimcore

Affected ranges

Type
GIT
Repo
https://github.com/pimcore/pimcore
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
75a93f6e3edf90444d88695d190a6dfaa8c2499e
Fixed
9f2d075243a8392c114d9a8028858b9faf041e2d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.2.2"
        }
    ]
}

Affected versions

2.*
2.2.0
2.2.1
2.2.2
2.3.0
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.1.0
3.1.1
4.*
4.0.0
4.0.1
4.1.0
4.1.1
4.1.2
4.1.3
4.2.0
4.3.0
4.3.1
4.4.0
4.4.1
4.4.2
4.4.3
4.5.0
v5.*
v5.0.0
v5.0.0-RC
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.1.0
v5.1.0-alpha
v5.1.1
v5.1.2
v5.1.3
v5.2.0
v5.2.3
v5.3.0
v5.3.1
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v5.5.0
v5.5.1
v5.5.2
v5.5.3
v5.5.4
v5.6.0
v5.6.1
v5.6.2
v5.6.3
v5.6.4
v5.6.5
v5.6.6
v5.7.0
v5.7.1
v5.7.2
v5.7.3
v5.8.0
v5.8.1
v5.8.2
v5.8.3
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.1.0
v6.1.1
v6.1.2
v6.2.0
v6.2.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18985.json"