CVE-2023-31200

PTC Vuforia Studio contains a Cross-Site Request Forgery vulnerability (CVE-2023-31200): the local web app does not require a token, enabling an attacker with local access to perform CSRF or replay attacks. Affected products include Vuforia Studio prior to version 9.9. Mitigation recommended by t...

CVE-2023-31200 PTC Vuforia Studio Cross-Site Request Forgery

PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack...

CVE-2023-29502 PTC Vuforia Studio Path Traversal

Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path...

CVE-2023-29502 PTC Vuforia Studio Path Traversal

Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path...

CVE-2023-27881 PTC Vuforia Studio Unrestricted Upload of File with Dangerous Type

A user could use the “Upload Resource” functionality to upload files to any location on the disk...

CVE-2023-29152 PTC Vuforia Studio Improper Authorization

By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account...

CVE-2023-29168 PTC Vuforia Studio Insufficiently Protected Credentials

The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication...

PTC Vuforia Studio 授权问题漏洞

PTC Vuforia Studio is an easy-to-use, web-native tool from PTC for authoring domain and task-specific experiences. These experiences provide integrated views of digital and physical product data, dashboards, and alerts through 2D, 3D, and augmented reality. An authorization issue vulnerability...