Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ptc vuforia studio vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-29152
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.
Ptc Vuforia Studio
NA
CVE-2023-29502
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.
Ptc Vuforia Studio
NA
CVE-2023-29168
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.
Ptc Vuforia Studio
NA
CVE-2023-31200
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.
Ptc Vuforia Studio
NA
CVE-2023-27881
A user could use the “Upload Resource” functionality to upload files to any location on the disk.
Ptc Vuforia Studio
NA
CVE-2023-24476
An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.
Ptc Vuforia Studio
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started