CVE-2021-46563: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

This vulnerability (CVE-2021-46563) affects Bentley MicroStation CONNECT version 10.16.0.80. The vulnerability allows remote attackers to execute arbitrary code on affected installations. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files, where crafted data can trigger a read past the end of an allocated buffer (Zero Day Initiative, Bentley Advisory).

The vulnerability is classified with a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The flaw is identified as CWE-125 (Out-of-bounds Read). The vulnerability specifically occurs during the parsing of JT files, where improper validation of input data can lead to a read operation beyond the bounds of an allocated buffer (Zero Day Initiative).

A successful exploitation of this vulnerability allows attackers to execute code in the context of the current process. Given the high CVSS score and the potential for code execution, this vulnerability could lead to significant system compromise if successfully exploited (Zero Day Initiative).

Bentley has issued an update to correct this vulnerability. Users are recommended to upgrade to version 10.16.02 or later of MicroStation and MicroStation-based applications. As a general best practice, it is also recommended to only open JT files coming from trusted sources (Bentley Advisory).