CVE-2021-46591: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

CVE-2021-46591 is a vulnerability discovered in Bentley MicroStation CONNECT version 10.16.0.80. The vulnerability was reported by Mat Powell of Trend Micro Zero Day Initiative and was disclosed on January 31, 2022. This security flaw affects the JT file parsing functionality in MicroStation CONNECT and related applications (Zero Day Initiative, Vendor Advisory).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) that occurs during the parsing of JT files. When processing crafted data within a JT file, the application can be triggered to read past the end of an allocated buffer. The vulnerability has received a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Zero Day Initiative).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high CVSS score indicates potential severe impacts on system confidentiality, integrity, and availability when exploited (Zero Day Initiative).

Bentley has released version 10.16.02 and later versions to address this vulnerability. Users are recommended to update to the latest version of MicroStation and MicroStation-based applications. As an additional security measure, it is recommended to only open JT files from trusted sources (Vendor Advisory).