CVE-2024-40395

An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level.
References
Link | Resource
https://pastebin.com/9dc4LYGA | Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:ptc:thingworx:9.5.0:*:*:*:*:*:*:*

History

30 Aug 2024, 14:35

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:ptc:thingworx:9.5.0:*:*:*:*:*:*:*
First Time | | Ptc thingworx; Ptc
CWE | | CWE-639
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 6.5
References | () https://pastebin.com/9dc4LYGA - | () https://pastebin.com/9dc4LYGA - Third Party Advisory
Summary | | (es) An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level.

27 Aug 2024, 16:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-08-27 16:15

Updated : 2024-08-30 14:35


NVD link : CVE-2024-40395

Mitre link : CVE-2024-40395

CVE.ORG link : CVE-2024-40395


Products Affected

ptc

  • thingworx
CWE
CWE-639

Authorization Bypass Through User-Controlled Key