Vulnerabilities
Vulnerable Software
Ptc:  >> Vuforia Studio  Security Vulnerabilities
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.
CVSS Score
5.7
EPSS Score
0.0
Published
2023-06-07
An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.
CVSS Score
1.8
EPSS Score
0.0
Published
2023-06-07
A user could use the “Upload Resource” functionality to upload files to any location on the disk.
CVSS Score
8.0
EPSS Score
0.001
Published
2023-06-07
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-06-07
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.
CVSS Score
3.7
EPSS Score
0.001
Published
2023-06-07
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-06-07


Contact Us

Shodan ® - All rights reserved