Filtered by vendor Ptc
Subscriptions
Filtered by product Vuforia Studio
Subscriptions
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-31200 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | 5.7 Medium |
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. | ||||
CVE-2023-29502 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | 6.2 Medium |
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. | ||||
CVE-2023-29168 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | 3.7 Low |
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. | ||||
CVE-2023-29152 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | 6.2 Medium |
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. | ||||
CVE-2023-27881 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | 8 High |
A user could use the “Upload Resource” functionality to upload files to any location on the disk. | ||||
CVE-2023-24476 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | 1.8 Low |
An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. |
Page 1 of 1.