Filtered by vendor Ptc
Subscriptions
Filtered by product Vuforia Studio
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31200 | 1 Ptc | 1 Vuforia Studio | 2024-08-02 | 5.7 Medium |
| PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. | ||||
| CVE-2023-29502 | 1 Ptc | 1 Vuforia Studio | 2024-08-02 | 6.2 Medium |
| Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. | ||||
| CVE-2023-29152 | 1 Ptc | 1 Vuforia Studio | 2024-08-02 | 6.2 Medium |
| By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. | ||||
| CVE-2023-29168 | 1 Ptc | 1 Vuforia Studio | 2024-08-02 | 3.7 Low |
| The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. | ||||
| CVE-2023-27881 | 1 Ptc | 1 Vuforia Studio | 2024-08-02 | 8 High |
| A user could use the “Upload Resource” functionality to upload files to any location on the disk. | ||||
| CVE-2023-24476 | 1 Ptc | 1 Vuforia Studio | 2024-08-02 | 1.8 Low |
| An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. | ||||
Page 1 of 1.