CVE-2021-34888: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

A vulnerability was discovered in Bentley View's JT file parsing functionality, identified as CVE-2021-34888. This vulnerability was reported on December 8, 2021, and affects installations of Bentley View versions prior to 10.16.02.*. The issue involves an out-of-bounds read vulnerability that could lead to information disclosure (ZDI Advisory, Bentley Advisory).

The vulnerability stems from the lack of proper validation of user-supplied data during the parsing of JT files, which can result in a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.0 score of 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating a relatively low severity (ZDI Advisory).

When successfully exploited, this vulnerability can lead to the disclosure of sensitive information on affected installations. The impact is limited to information disclosure, though it could potentially be leveraged in conjunction with other vulnerabilities for more severe attacks (ZDI Advisory).

Bentley has addressed this vulnerability by releasing version 10.16.02.* and more recent versions of the software. Users are recommended to update to the latest version of Bentley View. Additionally, as a general best practice, users should only open JT files from trusted sources (Bentley Advisory).