GCVE - cpe:2.3:a:ptc:vuforia_studio:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ptc:vuforia_studio:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ptc (`82b7fc5a-4572-5fe8-94f5-067fd527cbdb`)
Product	Vuforia Studio (`8b00736b-da53-5766-afdf-d4650c160f3b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/ptc-ar-sharing/vuforiastudio`	purl2cpe	2026-06-01 10:11:50.146984

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-31200`	vulnerable	2026-06-03 14:51:54.927533	PTC Vuforia Studio Cross-Site Request Forgery MEDIUM (5.7) PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. Published: 2023-06-07T21:52:29.300Z Updated: 2025-01-06T20:57:59.055Z Open on db.gcve.eu Reference links https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-29502`	vulnerable	2026-06-03 14:51:41.177055	PTC Vuforia Studio Path Traversal MEDIUM (6.2) Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. Published: 2023-06-07T21:50:29.836Z Updated: 2025-01-06T20:59:14.814Z Open on db.gcve.eu Reference links https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-29168`	vulnerable	2026-06-03 14:51:39.999690	PTC Vuforia Studio Insufficiently Protected Credentials LOW (3.7) The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. Published: 2023-06-07T21:42:46.886Z Updated: 2025-01-06T19:58:39.131Z Open on db.gcve.eu Reference links https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-29152`	vulnerable	2026-06-03 14:51:39.907316	PTC Vuforia Studio Improper Authorization MEDIUM (6.2) By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. Published: 2023-06-07T21:46:20.797Z Updated: 2025-01-06T21:22:20.741Z Open on db.gcve.eu Reference links https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-27881`	vulnerable	2026-06-03 14:51:02.803947	PTC Vuforia Studio Unrestricted Upload of File with Dangerous Type HIGH (8) A user could use the “Upload Resource” functionality to upload files to any location on the disk. Published: 2023-06-07T21:48:50.037Z Updated: 2025-01-06T19:57:24.859Z Open on db.gcve.eu Reference links https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-24476`	vulnerable	2026-06-03 14:49:29.807272	PTC Vuforia Studio Improper Authorization LOW (1.8) An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. Published: 2023-06-07T21:44:56.326Z Updated: 2025-01-06T19:52:37.584Z Open on db.gcve.eu Reference links https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.