CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

A user could use the “Upload Resource” functionality to upload files to any location on the disk. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 • CWE-285: Improper Authorization

CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session is valid. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 • CWE-285: Improper Authorization

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 • CWE-522: Insufficiently Protected Credentials

CVSS: 9.8 • EPSS: 0% • CPEs: 9 • EXPL: 0

The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01 • CWE-190: Integer Overflow or Wraparound