CVE-2021-34927: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

CVE-2021-34927 is a vulnerability discovered in Bentley View 10.15.0.75 that affects the parsing of JT files. The vulnerability was disclosed on December 8th, 2021, and allows remote attackers to execute arbitrary code on affected installations. User interaction is required to exploit this vulnerability, specifically requiring the target to visit a malicious page or open a malicious file (Zero Day Initiative, Bentley Advisory).

The vulnerability is characterized by a read past the end of an allocated buffer during JT file parsing. It has been assigned a CVSS v3.1 score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The flaw is specifically related to out-of-bounds read operations that occur when processing specially crafted JT files (Zero Day Initiative).

When successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high CVSS score reflects the potential for complete compromise of confidentiality, integrity, and availability of the affected system, though user interaction is required for exploitation (Zero Day Initiative).

Bentley has released version 10.16.02.* and more recent versions to address this vulnerability. Users are recommended to update to the latest versions of MicroStation and MicroStation-based applications. As an additional security measure, it is recommended to only open JT files from trusted sources (Bentley Advisory).