Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29502 | 1 Ptc | 1 Vuforia Studio | 2023-12-10 | N/A | 4.3 MEDIUM |
| Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. | |||||
| CVE-2023-29168 | 1 Ptc | 1 Vuforia Studio | 2023-12-10 | N/A | 7.5 HIGH |
| The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. | |||||
| CVE-2023-24476 | 1 Ptc | 1 Vuforia Studio | 2023-12-10 | N/A | 3.3 LOW |
| An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. | |||||
| CVE-2023-27881 | 1 Ptc | 1 Vuforia Studio | 2023-12-10 | N/A | 9.9 CRITICAL |
| A user could use the “Upload Resource” functionality to upload files to any location on the disk. | |||||
| CVE-2023-29152 | 1 Ptc | 1 Vuforia Studio | 2023-12-10 | N/A | 8.1 HIGH |
| By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. | |||||
| CVE-2023-31200 | 1 Ptc | 1 Vuforia Studio | 2023-12-10 | N/A | 8.0 HIGH |
| PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. | |||||