PTC Vuforia Studio Improper Authorization
CVE-2023-24476

3.3LOW

Key Information:

Vendor: PTC
Status: Vuforia Studio
Vendor: CVE Published:; 7 June 2023

What is CVE-2023-24476?

An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.

Affected Version(s)

Vuforia Studio 0 < 9.9

References

https://https://www.cisa.gov/news-events/ics-advisories/i...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
Apr 24, 2023

Credit

Lockheed Martin—Red Team reported these vulnerabilities to PTC.