Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ptc vuforia studio vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2023-29152
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.
Ptc Vuforia Studio
7.5
CVSSv3
CVE-2023-29168
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.
Ptc Vuforia Studio
9.9
CVSSv3
CVE-2023-27881
A user could use the “Upload Resource” functionality to upload files to any location on the disk.
Ptc Vuforia Studio
3.3
CVSSv3
CVE-2023-24476
An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.
Ptc Vuforia Studio
8
CVSSv3
CVE-2023-31200
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.
Ptc Vuforia Studio
4.3
CVSSv3
CVE-2023-29502
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.
Ptc Vuforia Studio
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started