Lucene search

IcscertCVELIST:CVE-2023-31200

HistoryJun 07, 2023 - 9:52 p.m.

CVE-2023-31200 PTC Vuforia Studio Cross-Site Request Forgery

2023-06-0721:52:29

CWE-352

icscert

www.cve.org

ptc

vuforia studio

csrf

vulnerability

token

requirement

attack

replay

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.8%

JSON

PTC Vuforia Studio does not require a token; this could allow an
attacker with local access to perform a cross-site request forgery
attack or a replay attack.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Vuforia Studio",
    "vendor": "PTC ",
    "versions": [
      {
        "lessThan": "9.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.8%

JSON

Related for CVELIST:CVE-2023-31200