CVE-2021-46597: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

This vulnerability (CVE-2021-46597) affects Bentley MicroStation CONNECT 10.16.0.80 and allows remote attackers to execute arbitrary code. The vulnerability requires user interaction, specifically opening a malicious file. The issue exists within the parsing of JT files and results from the lack of validating the existence of an object prior to performing operations on the object (Zero Day Initiative).

The vulnerability is classified with a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The specific flaw exists within the parsing of JT files, where there is a failure to validate the existence of an object before performing operations on it. This use-after-free condition can be leveraged by attackers to execute code in the context of the current process (Zero Day Initiative, NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process, potentially leading to full system compromise with the privileges of the affected application (Zero Day Initiative).

Bentley has issued an update to correct this vulnerability. Users should upgrade to version 10.16.02 or later of MicroStation and MicroStation-based applications. As a general best practice, it is recommended to only open JT files from trusted sources (Bentley Advisory).