Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ptc vuforia studio vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-29168
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.
Ptc Vuforia Studio
NA
CVE-2023-27881
A user could use the “Upload Resource” functionality to upload files to any location on the disk.
Ptc Vuforia Studio
NA
CVE-2023-31200
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.
Ptc Vuforia Studio
NA
CVE-2023-29152
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.
Ptc Vuforia Studio
NA
CVE-2023-29502
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.
Ptc Vuforia Studio
NA
CVE-2023-24476
An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.
Ptc Vuforia Studio
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started