CVE-2023-24476

EUVD-2023-28494
An attacker with local access to the machine could record the traffic, 
which could allow them to resend requests without the server 
authenticating that the user or session are valid.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
1.8 LOW
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
icscertCNA
1.8 LOW
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
ptcvuforia_studio
𝑥
< 9.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13
https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13