cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-53007,https://securityvulnerability.io/vulnerability/CVE-2024-53007,SQL Injection Vulnerability in Bentley Systems ProjectWise Integration Server,"A vulnerability in Bentley Systems ProjectWise Integration Server allows authenticated users to execute unintended SQL queries through an API call. This flaw may lead to unauthorized data exposure and potential manipulation of the database, highlighting the importance of securing API endpoints and validating user inputs.",Bentley,Projectwise Integration Server,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-31T00:00:00.000Z,0
CVE-2022-43656,https://securityvulnerability.io/vulnerability/CVE-2022-43656,FBX File Parsing Out-Of-Bounds Read Vulnerability Affects Bentley View,"An information disclosure vulnerability exists in Bentley View due to improper handling of FBX file parsing. When a suitably crafted FBX file is opened, it can cause the software to read past the end of an allocated buffer. This flaw may enable remote attackers to reveal sensitive information from affected installations, although it necessitates user interaction to exploit. An attacker could leverage this vulnerability alongside other security issues to execute arbitrary code within the context of the current process.",Bentley,View,3.3,LOW,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-05-07T22:55:01.082Z,0
CVE-2022-43655,https://securityvulnerability.io/vulnerability/CVE-2022-43655,Remote Code Execution Vulnerability in Bentley View,"A vulnerability exists in Bentley View related to the parsing of FBX files, which can lead to a heap-based buffer overflow. The flaw arises from insufficient validation of the length of user-supplied data before it is copied to a fixed-length heap-based buffer. This weakness allows remote attackers to execute arbitrary code on vulnerable installations. Successful exploitation of this vulnerability necessitates user interaction, as the target must either visit a malicious web page or open a compromised FBX file. Proper security measures and updates are essential to protect against potential exploitation.",Bentley,View,7.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-05-07T22:55:00.105Z,0
CVE-2022-43653,https://securityvulnerability.io/vulnerability/CVE-2022-43653,Remote Code Execution Vulnerability in Bentley View,"This vulnerability in Bentley View arises from a specific flaw in the way SKP files are parsed. An attacker who crafts malicious data within an SKP file can exploit this flaw to write beyond the allocated buffer's end, potentially leading to the execution of arbitrary code. User interaction is necessary for the exploit as it demands that the victim visit a compromised webpage or open a rigged SKP file. Organizations using Bentley View should remain vigilant by applying security updates and educating users about the risks associated with opening suspicious files.",Bentley,View,7.8,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2024-05-07T22:54:58.166Z,0
CVE-2022-43652,https://securityvulnerability.io/vulnerability/CVE-2022-43652,Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability,"A severe vulnerability exists in Bentley View that relates to the parsing of SKP files. This flaw results from the inadequate validation of object existence before operations are performed, creating a potential for remote attackers to exploit this weakness. Successful exploitation requires user interaction, necessitating that the affected user either visits a malicious webpage or opens a compromised file. If exploited, this vulnerability allows attackers to disclose sensitive information and potentially chain it with other vulnerabilities to execute arbitrary code within the context of the application. Users are advised to update to the latest version to mitigate risks.",Bentley,View,3.3,LOW,0.0009899999713525176,false,,false,false,false,,,false,false,,2024-05-07T22:54:57.232Z,0
CVE-2022-43651,https://securityvulnerability.io/vulnerability/CVE-2022-43651,Remote Code Execution Vulnerability in Bentley View,"A vulnerability exists in Bentley View due to improper handling of SKP file parsing, allowing remote attackers to exploit the flaw by crafting malicious SKP files or web pages containing such files. The issue arises from the failure to verify the existence of an object before conducting operations on it, leading to a use-after-free condition. An attacker can trigger this vulnerability to execute arbitrary code in the context of the currently running process, necessitating user interaction to achieve exploitation.",Bentley,View,7.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2024-05-07T22:54:56.217Z,0
CVE-2023-44430,https://securityvulnerability.io/vulnerability/CVE-2023-44430,Remote Code Execution Vulnerability in Bentley View,"A vulnerability exists within the Bentley View application related to the parsing of SKP files, which may allow remote attackers to execute arbitrary code. This flaw stems from inadequate validation of object existence before operations are performed, leading to a use-after-free condition. To exploit this vulnerability, an attacker must trick a user into opening a specially crafted file or visiting a malicious webpage, thereby executing code within the current process context. Users of Bentley View are strongly advised to apply the recommended security updates to mitigate potential risks.",Bentley,View,7.8,HIGH,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-05-03T02:13:56.897Z,0
CVE-2024-27455,https://securityvulnerability.io/vulnerability/CVE-2024-27455,Bentley Fixes ALIM Web Vulnerability,"In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03.",Bentley,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-26T00:00:00.000Z,0
CVE-2023-51708,https://securityvulnerability.io/vulnerability/CVE-2023-51708,Information Disclosure Vulnerability in Bentley eB System Management Console and Assetwise Integrity,"The Bentley eB System Management Console and Assetwise Integrity Information Server are susceptible to an information disclosure vulnerability. This issue allows unauthenticated users to exploit misconfigurations through crafted requests, potentially revealing sensitive configuration options. Users of the affected versions should prioritize updates to mitigate risks associated with this vulnerability.",Bentley,,8.6,HIGH,0.0013899999903514981,false,,false,false,false,,,false,false,,2023-12-22T02:15:00.000Z,0
CVE-2022-28311,https://securityvulnerability.io/vulnerability/CVE-2022-28311,Arbitrary Code Execution Vulnerability in Bentley MicroStation CONNECT by Bentley Systems,"This vulnerability enables remote attackers to execute arbitrary code on installations of Bentley MicroStation CONNECT version 10.16.02.034. The issue arises during the parsing of DXF files, where crafted data can lead to a read past the end of an allocated buffer. Exploitation requires user interaction, as the target must either visit a malicious webpage or open a compromised file. By leveraging this vulnerability, an attacker can execute code within the context of the affected process, posing significant security risks.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28643,https://securityvulnerability.io/vulnerability/CVE-2022-28643,Arbitrary Code Execution in Bentley MicroStation Software,"This vulnerability in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code through specially crafted DGN files. The exploit requires user interaction, making it essential for the victim to open a malicious file or visit an infected page. The underlying issue arises from improper parsing that leads to a buffer overflow, enabling the execution of unauthorized commands within the context of the current process.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28312,https://securityvulnerability.io/vulnerability/CVE-2022-28312,Remote Information Disclosure in Bentley MicroStation CONNECT,"The vulnerability in Bentley MicroStation CONNECT allows remote attackers to access sensitive information by exploiting a flaw in the parsing of 3DS files. User interaction is necessary for an attack to succeed, as the target must either visit a malicious webpage or open a compromised file. This flaw can lead to a read past the end of an allocated buffer, potentially enabling attackers to combine this weakness with other vulnerabilities to execute arbitrary code in the context of the affected process. For further details, refer to the advisory from Bentley and the Zero Day Initiative.",Bentley,Microstation Connect,3.3,LOW,0.001449999981559813,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28313,https://securityvulnerability.io/vulnerability/CVE-2022-28313,Remote Code Execution Risk in Bentley MicroStation CONNECT Software,"The vulnerability in Bentley MicroStation CONNECT involves a buffer overflow that may allow remote attackers to disclose sensitive information. This flaw occurs during the parsing of 3DS files, where crafted data can lead to reading past the end of an allocated buffer. Exploitation requires user action, as the target must open a malicious file or visit a harmful page. This vulnerability can be combined with other issues, potentially enabling attackers to execute arbitrary code within the context of the affected process.",Bentley,Microstation Connect,3.3,LOW,0.001449999981559813,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28300,https://securityvulnerability.io/vulnerability/CVE-2022-28300,Arbitrary Code Execution in Bentley MicroStation 10.16.02.034,"This vulnerability in Bentley MicroStation allows attackers to execute arbitrary code by manipulating JP2 image files. To exploit the vulnerability, a user must open a specially crafted JP2 file or visit a malicious web page that hosts such a file, leading to a buffer overflow. Consequently, the attacker can execute code within the context of the current process, thereby compromising the system's integrity. Proper security measures should be followed to mitigate the risks associated with this flaw.",Bentley,Microstation,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28301,https://securityvulnerability.io/vulnerability/CVE-2022-28301,Remote Code Execution in Bentley MicroStation CONNECT,"A vulnerability in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code by exploiting the parsing process of IFC files. This occurs when the target users interact with malicious content, such as visiting compromised web pages or opening specially crafted files. The flaw results in a buffer overflow, enabling an attacker to write past the end of an allocated buffer and execute code within the context of the affected process, potentially leading to further exploitation.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28314,https://securityvulnerability.io/vulnerability/CVE-2022-28314,Remote Code Execution in Bentley MicroStation CONNECT Software,"A vulnerability in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code. This issue arises during the parsing of IFC files, which may lead to a buffer overflow if crafted data is supplied. User interaction is necessary as victims must either visit a malicious webpage or open a contaminated file to trigger the exploit. Successful exploitation enables attackers to execute code within the context of the affected software process, potentially compromising system integrity.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28307,https://securityvulnerability.io/vulnerability/CVE-2022-28307,Arbitrary Code Execution Vulnerability in Bentley View Software,"This vulnerability in Bentley View version 10.16.02.022 allows remote attackers to execute arbitrary code when users are tricked into opening a malicious DXF file or visiting a compromised webpage. The flaw arises from improper handling of crafted DXF data, leading to a read past the end of an allocated buffer. This means that attackers can potentially execute unauthorized code within the context of the application, posing a significant security risk.",Bentley,View,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28320,https://securityvulnerability.io/vulnerability/CVE-2022-28320,Remote Code Execution Vulnerability in Bentley View by Bentley Systems,"This vulnerability in Bentley View enables remote attackers to execute arbitrary code on affected installations by exploiting a flaw in the parsing of 3DM files. The vulnerability arises due to improper memory initialization before access, requiring the target user to unknowingly visit a malicious webpage or open a compromised file. By leveraging this security hole, attackers can run arbitrary code in the context of the current process, posing significant risks to user systems.",Bentley,View,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28315,https://securityvulnerability.io/vulnerability/CVE-2022-28315,Arbitrary Code Execution Vulnerability in Bentley MicroStation CONNECT Software,"A vulnerability in Bentley MicroStation CONNECT exists that permits remote attackers to execute arbitrary code. By exploiting a flaw in the IFC file parsing mechanism, an attacker can manipulate user-supplied data, allowing the execution of code within the context of the current process. This attack requires user interaction, as it necessitates the victim to either visit a malicious webpage or open an infected IFC file.",Bentley,Microstation Connect,7.8,HIGH,0.0018100000452250242,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28644,https://securityvulnerability.io/vulnerability/CVE-2022-28644,Remote Code Execution Vulnerability in Bentley MicroStation CONNECT,"This vulnerability in Bentley MicroStation CONNECT allows attackers to execute arbitrary code when a user interacts with a specially crafted DGN file. When an affected user opens a malformed DGN file or visits a malicious webpage, the flaw in the file parsing could cause an out-of-bounds write, leading to code execution in the context of the user process. Proper measures should be taken to avoid opening untrusted files to mitigate potential risks.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28316,https://securityvulnerability.io/vulnerability/CVE-2022-28316,Remote Code Execution Vulnerability in Bentley MicroStation,"A vulnerability in Bentley MicroStation CONNECT enables remote attackers to execute arbitrary code. The flaw arises due to insufficient validation when parsing IFC files, allowing crafted data to cause a buffer overflow. This exploitation necessitates user interaction, as it requires the target to visit a malicious webpage or open a compromised file. Successful exploitation can result in the execution of code in the context of the current process, posing significant risks to the affected installations.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28308,https://securityvulnerability.io/vulnerability/CVE-2022-28308,Remote Information Disclosure Vulnerability in Bentley View by Bentley Systems,"A vulnerability exists in Bentley View 10.16.02.022 that enables remote attackers to disclose sensitive user information. The issue arises from a flaw in the parsing of 3DS files, allowing crafted data to trigger a read beyond the end of an allocated buffer. Exploitation of this vulnerability requires user interaction, as the target must visit a malicious website or open a harmful file. Successful exploitation could allow attackers to execute arbitrary code within the current process, potentially leveraging it in conjunction with other vulnerabilities to enhance their impact.",Bentley,View,3.3,LOW,0.001449999981559813,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28309,https://securityvulnerability.io/vulnerability/CVE-2022-28309,Buffer Overflow Vulnerability in Bentley View by Bentley Systems,"This vulnerability allows remote attackers to disclose sensitive information from installations of Bentley View 10.16.02.022. It occurs when the software improperly parses 3DS files, where specially crafted data can result in a read past the end of an allocated buffer. Successful exploitation necessitates user interaction, requiring the target to visit a malicious webpage or open a harmful file. An attacker may leverage this flaw in combination with other vulnerabilities to execute arbitrary code within the context of the current process.",Bentley,View,3.3,LOW,0.001449999981559813,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28310,https://securityvulnerability.io/vulnerability/CVE-2022-28310,Remote Code Execution Vulnerability in Bentley MicroStation CONNECT,"This vulnerability in Bentley MicroStation CONNECT arises during the parsing of SKP files, where improper validation of object existence occurs. Consequently, an attacker can execute arbitrary code on affected systems by enticing a user to open a malicious file or visit a harmful webpage. User interaction is essential for exploiting this vulnerability, which lets the attacker perform unauthorized actions within the context of the current process.",Bentley,Microstation Connect,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28305,https://securityvulnerability.io/vulnerability/CVE-2022-28305,Code Execution Vulnerability in Bentley MicroStation CONNECT by Bentley,"A vulnerability in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code through the improper handling of OBJ files. By enticing a user to visit a malicious webpage or open an infected file, an attacker can exploit the flaw stemming from inadequate validation of user-supplied data length. This oversight results in potential stack-based buffer overflow, permitting code execution within the context of the current process, enhancing the risk and impact of the attack.",Bentley,Microstation Connect,7.8,HIGH,0.0018100000452250242,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0