CVE-2021-34939: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

This vulnerability (CVE-2021-34939) affects Bentley View version 10.15.0.75 and was discovered in December 2021. The vulnerability exists within the parsing of JT files and stems from the lack of validating the existence of an object prior to performing operations on the object (NVD, ZDI Advisory).

The vulnerability is classified as a Use-After-Free issue that could lead to remote code execution. It has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The specific flaw exists within the parsing of JT files, where the application fails to validate the existence of an object before performing operations on it (ZDI Advisory).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The attack requires user interaction, specifically the target must visit a malicious page or open a malicious file (NVD, ZDI Advisory).

Bentley has released version 10.16.02 of View and MicroStation to address this vulnerability. Users are recommended to update to the latest version. As a general best practice, it is also recommended to only open JT files coming from trusted sources (Bentley Advisory).