CVE-2023-29502

Summary

Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.

Affected Software

VendorProductVersion RangeStatus
PTCVuforia Studio0 < 9.9affected

Weaknesses

  • CWE-22: CWE-22: Path Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References