CVE-2023-29152

Summary

By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.

Affected Software

VendorProductVersion RangeStatus
PTCVuforia Studio0 < 9.9affected

Weaknesses

  • CWE-285: CWE-285: Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References