This page lists publicly disclosed CVE vulnerabilities affecting ptc vuforia_studio (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-31200 | PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. | [email protected] | 5.7 | 0.07% | 2023-06-07 | 2024-11-21 |
| CVE-2023-29502 | Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. | [email protected] | 6.2 | 0.24% | 2023-06-07 | 2024-11-21 |
| CVE-2023-29168 | The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. | [email protected] | 3.7 | 0.18% | 2023-06-07 | 2024-11-21 |
| CVE-2023-29152 | By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. | [email protected] | 6.2 | 0.10% | 2023-06-07 | 2024-11-21 |
| CVE-2023-27881 | A user could use the “Upload Resource” functionality to upload files to any location on the disk. | [email protected] | 8.0 | 0.06% | 2023-06-07 | 2024-11-21 |
| CVE-2023-24476 | An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. | [email protected] | 1.8 | 0.04% | 2023-06-07 | 2024-11-21 |