CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27881 – PTC Vuforia Studio Unrestricted Upload of File with Dangerous Type
https://notcve.org/view.php?id=CVE-2023-27881
A user could use the “Upload Resource” functionality to upload files to any location on the disk. • https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29152 – PTC Vuforia Studio Improper Authorization
https://notcve.org/view.php?id=CVE-2023-29152
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. • https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 • CWE-285: Improper Authorization •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24476 – PTC Vuforia Studio Improper Authorization
https://notcve.org/view.php?id=CVE-2023-24476
An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. • https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29168 – PTC Vuforia Studio Insufficiently Protected Credentials
https://notcve.org/view.php?id=CVE-2023-29168
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. • https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-0754
https://notcve.org/view.php?id=CVE-2023-0754
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01 • CWE-190: Integer Overflow or Wraparound •