Vulnerabilities > PTC > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-08-27 | CVE-2024-40395 | Authorization Bypass Through User-Controlled Key vulnerability in PTC Thingworx 9.5.0 | An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level. | 6.5 |
2024-01-10 | CVE-2023-29446 | Improper Input Validation vulnerability in PTC products | An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. | 4.7 |
2024-01-10 | CVE-2023-29447 | Insufficiently Protected Credentials vulnerability in PTC products | An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. | 5.3 |
2023-06-07 | CVE-2023-29502 | Unspecified vulnerability in PTC Vuforia Studio | Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. | 4.3 |
2022-03-16 | CVE-2022-25248 | Information Exposure vulnerability in PTC Axeda Agent and Axeda Desktop Server | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service. | 5.3 |
2018-10-01 | CVE-2018-17218 | Cross-site Scripting vulnerability in PTC Thingworx Platform | An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. | 5.4 |
2018-10-01 | CVE-2018-17216 | Information Exposure vulnerability in PTC Thingworx Platform | An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. | 6.5 |