An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level.
References
Link | Resource |
---|---|
https://pastebin.com/9dc4LYGA | Third Party Advisory |
Configurations
History
30 Aug 2024, 14:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
Summary |
|
|
First Time |
Ptc thingworx
Ptc |
|
CWE | CWE-639 | |
CPE | cpe:2.3:a:ptc:thingworx:9.5.0:*:*:*:*:*:*:* | |
References | () https://pastebin.com/9dc4LYGA - Third Party Advisory |
27 Aug 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-27 16:15
Updated : 2024-08-30 14:35
NVD link : CVE-2024-40395
Mitre link : CVE-2024-40395
CVE.ORG link : CVE-2024-40395
JSON object : View
Products Affected
ptc
- thingworx
CWE
CWE-639
Authorization Bypass Through User-Controlled Key