Skip to main content

Vuforia Studio

6 CVEs product

Monthly

CVE-2023-31200 HIGH This Week

PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Vuforia Studio
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2023-29502 MEDIUM This Month

Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Vuforia Studio
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-29168 HIGH This Week

The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vuforia Studio
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-29152 HIGH This Week

By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Vuforia Studio
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-27881 CRITICAL Act Now

A user could use the “Upload Resource” functionality to upload files to any location on the disk. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Vuforia Studio
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-24476 LOW Monitor

An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Vuforia Studio
NVD
CVSS 3.1
3.3
EPSS
0.1%
EPSS 0% CVSS 8.0
HIGH This Week

PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Vuforia Studio
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Vuforia Studio
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vuforia Studio
NVD
EPSS 0% CVSS 8.1
HIGH This Week

By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Vuforia Studio
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

A user could use the “Upload Resource” functionality to upload files to any location on the disk. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Vuforia Studio
NVD
EPSS 0% CVSS 3.3
LOW Monitor

An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Vuforia Studio
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy