- EPSS 0.03%
- Published 07.06.2023 22:15:10
- Last modified 21.11.2024 08:01:37
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.
CVE-2023-24476
- EPSS 0.02%
- Published 07.06.2023 22:15:09
- Last modified 21.11.2024 07:47:56
An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session is valid.
CVE-2023-27881
- EPSS 0.06%
- Published 07.06.2023 22:15:09
- Last modified 21.11.2024 07:53:37
A user could use the “Upload Resource” functionality to upload files to any location on the disk.
CVE-2023-29152
- EPSS 0.02%
- Published 07.06.2023 22:15:09
- Last modified 21.11.2024 07:56:37
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.
CVE-2023-29168
- EPSS 0.07%
- Published 07.06.2023 22:15:09
- Last modified 21.11.2024 07:56:39
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.
CVE-2023-29502
- EPSS 0.04%
- Published 07.06.2023 22:15:09
- Last modified 21.11.2024 07:57:11
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.