Total: 6 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-31200 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | N/A | 5.7 MEDIUM | PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. |
| CVE-2023-29502 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | N/A | 6.2 MEDIUM | Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. |
| CVE-2023-29168 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | N/A | 3.7 LOW | The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. |
| CVE-2023-29152 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | N/A | 6.2 MEDIUM | By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. |
| CVE-2023-27881 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | N/A | 8.0 HIGH | A user could use the “Upload Resource” functionality to upload files to any location on the disk. |
| CVE-2023-24476 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | N/A | 1.8 LOW | An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. |