Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ptc vuforia studio vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv3
CVE-2023-24476
An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.
Ptc Vuforia Studio
4.3
CVSSv3
CVE-2023-29502
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.
Ptc Vuforia Studio
8.1
CVSSv3
CVE-2023-29152
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.
Ptc Vuforia Studio
8
CVSSv3
CVE-2023-31200
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.
Ptc Vuforia Studio
9.9
CVSSv3
CVE-2023-27881
A user could use the “Upload Resource” functionality to upload files to any location on the disk.
Ptc Vuforia Studio
7.5
CVSSv3
CVE-2023-29168
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.
Ptc Vuforia Studio
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started