Vuforia Studio Security Vulnerabilities and Issues — Vuforia Studio CVE List

Lucene search

PtcVuforia Studio

6 matches found

CVE•added 2023/06/07 10:15 p.m.•44 views

CVE-2023-27881

A user could use the “Upload Resource” functionality to upload files to any location on the disk.

9.9CVSS8.9AI score0.00058EPSS

CVE•added 2023/06/07 10:15 p.m.•39 views

CVE-2023-31200

PTC Vuforia Studio does not require a token; this could allow anattacker with local access to perform a cross-site request forgeryattack or a replay attack.

8CVSS6.5AI score0.00029EPSS

CVE•added 2023/06/07 10:15 p.m.•33 views

CVE-2023-24476

An attacker with local access to the machine could record the traffic,which could allow them to resend requests without the serverauthenticating that the user or session are valid.

3.3CVSS4.2AI score0.00015EPSS

CVE•added 2023/06/07 10:15 p.m.•33 views

CVE-2023-29152

By changing the filename parameter in the request, an attacker coulddelete any file with the permissions of the Vuforia server account.

8.1CVSS7AI score0.00024EPSS

CVE•added 2023/06/07 10:15 p.m.•33 views

CVE-2023-29168

The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.

7.5CVSS5.8AI score0.00074EPSS

CVE•added 2023/06/07 10:15 p.m.•31 views

CVE-2023-29502

Before importing a project into Vuforia, a user could modify the“resourceDirectory” attribute in the appConfig.json file to be adifferent path.

6.2CVSS5.1AI score0.00043EPSS