本ページは ptc vuforia_studio に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-31200 | PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. | [email protected] | 5.7 | 0.24% | 2023-06-07 | 2026-06-17 |
| CVE-2023-29502 | Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. | [email protected] | 6.2 | 0.50% | 2023-06-07 | 2026-06-17 |
| CVE-2023-29168 | The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. | [email protected] | 3.7 | 0.47% | 2023-06-07 | 2026-06-17 |
| CVE-2023-29152 | By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. | [email protected] | 6.2 | 0.45% | 2023-06-07 | 2026-06-17 |
| CVE-2023-27881 | A user could use the “Upload Resource” functionality to upload files to any location on the disk. | [email protected] | 8.0 | 0.66% | 2023-06-07 | 2026-06-17 |
| CVE-2023-24476 | An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. | [email protected] | 1.8 | 0.13% | 2023-06-07 | 2026-06-17 |