Every CVE whose affected-product data names Ptc Vuforia Studio, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-27881 — CVSS 8.0 (high): A user could use the “Upload Resource” functionality to upload files to any location on the disk.
CVE-2023-29152 — CVSS 6.2 (medium): By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.
CVE-2023-29502 — CVSS 6.2 (medium): Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a…
CVE-2023-31200 — CVSS 5.7 (medium): PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack…
CVE-2023-29168 — CVSS 3.7 (low): The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.
CVE-2023-24476 — CVSS 1.8 (low): An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server…