CVE-2021-34877: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

CVE-2021-34877 is a vulnerability discovered in Bentley View software, specifically affecting the JT file parsing functionality. The vulnerability was disclosed on December 8, 2021, and received a CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). This security flaw affects installations of Bentley View versions prior to 10.16.02.* (ZDI Advisory, Bentley Advisory).

The vulnerability exists within the parsing of JT files in Bentley View. When parsing JT files, the application can trigger a write past the end of an allocated buffer. This out-of-bounds write condition occurs when processing crafted data in a JT file (ZDI Advisory).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high severity score reflects the potential for complete compromise of the system's confidentiality, integrity, and availability, though local access and user interaction are required (ZDI Advisory).

Bentley has released version 10.16.02.* and more recent versions to address this vulnerability. Users are recommended to update to the latest version of the software. Additionally, as a general best practice, Bentley recommends only opening JT files from trusted sources (Bentley Advisory).