cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-43655,https://securityvulnerability.io/vulnerability/CVE-2022-43655,Remote Code Execution Vulnerability in Bentley View,"A vulnerability exists in Bentley View related to the parsing of FBX files, which can lead to a heap-based buffer overflow. The flaw arises from insufficient validation of the length of user-supplied data before it is copied to a fixed-length heap-based buffer. This weakness allows remote attackers to execute arbitrary code on vulnerable installations. Successful exploitation of this vulnerability necessitates user interaction, as the target must either visit a malicious web page or open a compromised FBX file. Proper security measures and updates are essential to protect against potential exploitation.",Bentley,View,7.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-05-07T22:55:00.105Z,0
CVE-2022-43653,https://securityvulnerability.io/vulnerability/CVE-2022-43653,Remote Code Execution Vulnerability in Bentley View,"This vulnerability in Bentley View arises from a specific flaw in the way SKP files are parsed. An attacker who crafts malicious data within an SKP file can exploit this flaw to write beyond the allocated buffer's end, potentially leading to the execution of arbitrary code. User interaction is necessary for the exploit as it demands that the victim visit a compromised webpage or open a rigged SKP file. Organizations using Bentley View should remain vigilant by applying security updates and educating users about the risks associated with opening suspicious files.",Bentley,View,7.8,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2024-05-07T22:54:58.166Z,0
CVE-2022-43651,https://securityvulnerability.io/vulnerability/CVE-2022-43651,Remote Code Execution Vulnerability in Bentley View,"A vulnerability exists in Bentley View due to improper handling of SKP file parsing, allowing remote attackers to exploit the flaw by crafting malicious SKP files or web pages containing such files. The issue arises from the failure to verify the existence of an object before conducting operations on it, leading to a use-after-free condition. An attacker can trigger this vulnerability to execute arbitrary code in the context of the currently running process, necessitating user interaction to achieve exploitation.",Bentley,View,7.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2024-05-07T22:54:56.217Z,0
CVE-2023-44430,https://securityvulnerability.io/vulnerability/CVE-2023-44430,Remote Code Execution Vulnerability in Bentley View,"A vulnerability exists within the Bentley View application related to the parsing of SKP files, which may allow remote attackers to execute arbitrary code. This flaw stems from inadequate validation of object existence before operations are performed, leading to a use-after-free condition. To exploit this vulnerability, an attacker must trick a user into opening a specially crafted file or visiting a malicious webpage, thereby executing code within the current process context. Users of Bentley View are strongly advised to apply the recommended security updates to mitigate potential risks.",Bentley,View,7.8,HIGH,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-05-03T02:13:56.897Z,0
CVE-2023-51708,https://securityvulnerability.io/vulnerability/CVE-2023-51708,Information Disclosure Vulnerability in Bentley eB System Management Console and Assetwise Integrity,"The Bentley eB System Management Console and Assetwise Integrity Information Server are susceptible to an information disclosure vulnerability. This issue allows unauthenticated users to exploit misconfigurations through crafted requests, potentially revealing sensitive configuration options. Users of the affected versions should prioritize updates to mitigate risks associated with this vulnerability.",Bentley,,8.6,HIGH,0.0013899999903514981,false,,false,false,false,,,false,false,,2023-12-22T02:15:00.000Z,0
CVE-2022-28307,https://securityvulnerability.io/vulnerability/CVE-2022-28307,Arbitrary Code Execution Vulnerability in Bentley View Software,"This vulnerability in Bentley View versions 10.16.02.022 allows remote attackers to execute arbitrary code when users are tricked into opening a malicious DXF file or visiting a compromised webpage. The flaw arises from improper handling of crafted DXF data, leading to a read past the end of an allocated buffer. This means that attackers can potentially execute unauthorized code within the context of the application, posing a significant security risk.",Bentley,View,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28311,https://securityvulnerability.io/vulnerability/CVE-2022-28311,Arbitrary Code Execution Vulnerability in Bentley MicroStation CONNECT by Bentley Systems,"This vulnerability enables remote attackers to execute arbitrary code on installations of Bentley MicroStation CONNECT version 10.16.02.034. The issue arises during the parsing of DXF files, where crafted data can lead to a read past the end of an allocated buffer. Exploitation requires user interaction, as the target must either visit a malicious webpage or open a compromised file. By leveraging this vulnerability, an attacker can execute code within the context of the affected process, posing significant security risks.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28317,https://securityvulnerability.io/vulnerability/CVE-2022-28317,Remote Code Execution Vulnerability in Bentley MicroStation CONNECT,"This vulnerability in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code by exploiting a flaw in the parsing of IFC files. The exploit requires user interaction, as the target must either visit a malicious webpage or open a compromised file. The underlying issue stems from improper memory initialization before access. Successful exploitation permits an attacker to run code in the context of the current process, posing a significant security risk for users.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28318,https://securityvulnerability.io/vulnerability/CVE-2022-28318,Remote Code Execution Vulnerability in Bentley MicroStation CONNECT,"A security flaw in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code by manipulating IFC files. The vulnerability is triggered when users visit a malicious page or open a compromised IFC file, leading to a buffer overflow that can execute code within the current process's context. To mitigate risks, users should ensure they are using the latest software version and maintain awareness of suspicious files.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28302,https://securityvulnerability.io/vulnerability/CVE-2022-28302,Remote Code Execution Vulnerability in Bentley MicroStation CONNECT,"This vulnerability affects installations of Bentley MicroStation CONNECT 10.16.02.34, allowing remote attackers to execute arbitrary code. Exploitation requires user interaction, as a user must visit a malicious webpage or open a specially crafted file. The flaw resides in the parsing of IFC files, where crafted data can cause a read past the end of an allocated buffer, enabling the execution of malicious code in the context of the current process.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28306,https://securityvulnerability.io/vulnerability/CVE-2022-28306,Arbitrary Code Execution Vulnerability in Bentley MicroStation CONNECT,"This vulnerability exposes installations of Bentley MicroStation CONNECT to arbitrary code execution, enabling remote attackers to take control of the process. The exploit requires user interaction, as the target must open a malicious OBJ file. The flaw results from inadequate validation of user-supplied data length when parsing OBJ files, leading to potential buffer overflow conditions. An attacker can leverage this weakness to execute arbitrary code with the privileges of the current process, posing a significant risk to affected systems.",Bentley,Microstation Connect,7.8,HIGH,0.0018100000452250242,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28320,https://securityvulnerability.io/vulnerability/CVE-2022-28320,Remote Code Execution Vulnerability in Bentley View by Bentley Systems,"This vulnerability in Bentley View enables remote attackers to execute arbitrary code on affected installations by exploiting a flaw in the parsing of 3DM files. The vulnerability arises due to improper memory initialization before access, requiring the target user to unknowingly visit a malicious webpage or open a compromised file. By leveraging this security hole, attackers can run arbitrary code in the context of the current process, posing significant risks to user systems.",Bentley,View,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28316,https://securityvulnerability.io/vulnerability/CVE-2022-28316,Remote Code Execution Vulnerability in Bentley MicroStation,"A vulnerability in Bentley MicroStation CONNECT enables remote attackers to execute arbitrary code. The flaw arises due to insufficient validation when parsing IFC files, allowing crafted data to cause a buffer overflow. This exploitation necessitates user interaction, as it requires the target to visit a malicious webpage or open a compromised file. Successful exploitation can result in the execution of code in the context of the current process, posing significant risks to the affected installations.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28303,https://securityvulnerability.io/vulnerability/CVE-2022-28303,Code Execution Vulnerability in Bentley View by Bentley Systems,"This vulnerability enables remote attackers to execute arbitrary code on vulnerable installations of Bentley View 10.16.02.022. The flaw arises from improper validation of objects during the parsing of SKP files. Exploitation requires user interaction, as victims must either visit a malicious webpage or open a corrupted SKP file. An attacker can run code within the context of the current process, posing significant risks to the integrity and confidentiality of affected systems.",Bentley,View,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28319,https://securityvulnerability.io/vulnerability/CVE-2022-28319,Arbitrary Code Execution Vulnerability in Bentley MicroStation CONNECT by Bentley,"This vulnerability exposes Bentley MicroStation CONNECT to a remote code execution risk, enabling attackers to execute arbitrary code when users interact with malicious 3DM files. The flaw arises due to insufficient initialization of memory during file parsing, which can be exploited if a user opens a compromised file or visits a malicious webpage. This highlights the importance of maintaining vigilance and ensuring software is updated to mitigate potential threats.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28310,https://securityvulnerability.io/vulnerability/CVE-2022-28310,Remote Code Execution Vulnerability in Bentley MicroStation CONNECT,"This vulnerability in Bentley MicroStation CONNECT arises during the parsing of SKP files, where improper validation of object existence occurs. Consequently, an attacker can execute arbitrary code on affected systems by enticing a user to open a malicious file or visit a harmful webpage. User interaction is essential for exploiting this vulnerability, exploiting the flaw to perform unauthorized actions within the context of the current process.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28305,https://securityvulnerability.io/vulnerability/CVE-2022-28305,Code Execution Vulnerability in Bentley MicroStation CONNECT by Bentley,"A vulnerability in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code through the improper handling of OBJ files. By enticing a user to visit a malicious webpage or open an infected file, an attacker can exploit the flaw stemming from inadequate validation of user-supplied data length. This oversight results in potential stack-based buffer overflow, permitting code execution within the context of the current process, enhancing the risk and impact of the attack.",Bentley,Microstation Connect,7.8,HIGH,0.0018100000452250242,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28641,https://securityvulnerability.io/vulnerability/CVE-2022-28641,Arbitrary Code Execution Vulnerability in Bentley MicroStation by Bentley,"This vulnerability in Bentley MicroStation CONNECT 10.16.02.34 allows remote attackers to execute arbitrary code by manipulating IFC files. Exploitation requires user interaction, such as visiting a malicious webpage or opening a compromised file. The vulnerability arises from insufficient validation of object existence during IFC file parsing, enabling attackers to run code in the application's process context.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28315,https://securityvulnerability.io/vulnerability/CVE-2022-28315,Arbitrary Code Execution Vulnerability in Bentley MicroStation CONNECT Software,"A vulnerability in Bentley MicroStation CONNECT exists that permits remote attackers to execute arbitrary code. By exploiting a flaw in the IFC file parsing mechanism, an attacker can manipulate user-supplied data, allowing the execution of code within the context of the current process. This attack requires user interaction, as it necessitates the victim to either visit a malicious webpage or open an infected IFC file.",Bentley,Microstation Connect,7.8,HIGH,0.0018100000452250242,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28301,https://securityvulnerability.io/vulnerability/CVE-2022-28301,Remote Code Execution in Bentley MicroStation CONNECT,"A vulnerability in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code by exploiting the parsing process of IFC files. This occurs when the target users interact with malicious content, such as visiting compromised web pages or opening specially crafted files. The flaw results in a buffer overflow, enabling an attacker to write past the end of an allocated buffer and execute code within the context of the affected process, potentially leading to further exploitation.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28300,https://securityvulnerability.io/vulnerability/CVE-2022-28300,Arbitrary Code Execution in Bentley MicroStation 10.16.02.034,"This vulnerability in Bentley MicroStation allows attackers to execute arbitrary code by manipulating JP2 image files. To exploit the vulnerability, a user must open a specially crafted JP2 file or visit a malicious web page that hosts such a file, leading to a buffer overflow. Consequently, the attacker can execute code within the context of the current process, thereby compromising the system's integrity. Proper security measures should be adhered to mitigate the risks associated with this flaw.",Bentley,Microstation,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28304,https://securityvulnerability.io/vulnerability/CVE-2022-28304,Remote Code Execution Vulnerability in Bentley MicroStation CONNECT,"A remote code execution vulnerability exists in Bentley MicroStation CONNECT due to improper validation of user-supplied data when parsing OBJ files. An attacker could exploit this by enticing a user to visit a malicious web page or open a compromised file, leading to arbitrary code execution within the context of the affected application. The issue arises from insufficient checks on the length of data copied to a fixed-length buffer, highlighting the importance of robust input validation in software security.",Bentley,Microstation Connect,7.8,HIGH,0.0018100000452250242,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28643,https://securityvulnerability.io/vulnerability/CVE-2022-28643,Arbitrary Code Execution in Bentley MicroStation Software,"This vulnerability in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code through specially crafted DGN files. The exploit requires user interaction, making it essential for the victim to open a malicious file or visit an infected page. The underlying issue arises from improper parsing that leads to a buffer overflow, enabling the execution of unauthorized commands within the context of the current process.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28644,https://securityvulnerability.io/vulnerability/CVE-2022-28644,Remote Code Execution Vulnerability in Bentley MicroStation CONNECT,"This vulnerability in Bentley MicroStation CONNECT allows attackers to execute arbitrary code when a user interacts with a specially crafted DGN file. When an affected user opens a malformed DGN file or visits a malicious webpage, the flaw in the file parsing could cause an out-of-bounds write, leading to code execution in the context of the user process. Proper measures should be taken to avoid opening untrusted files to mitigate potential risks.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28314,https://securityvulnerability.io/vulnerability/CVE-2022-28314,Remote Code Execution in Bentley MicroStation CONNECT Software,"A vulnerability in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code. This issue arises during the parsing of IFC files, which may lead to a buffer overflow if crafted data is supplied. User interaction is necessary as victims must either visit a malicious webpage or open a contaminated file to trigger the exploit. Successful exploitation enables attackers to execute code within the context of the affected software process, potentially compromising system integrity.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0