CVE-2021-46600: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

This vulnerability affects Bentley MicroStation CONNECT 10.16.0.80 and allows remote attackers to disclose sensitive information. The vulnerability requires user interaction, specifically opening a malicious file or visiting a malicious page. The issue exists within the parsing of JT files and stems from improper validation of user-supplied data, which can result in a read past the end of an allocated buffer (Zero Day Initiative, NVD).

The vulnerability is tracked as CVE-2021-46600 with a CVSS v3.1 Base Score of 3.3 LOW (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). The specific flaw exists within the parsing of JT files and is classified as an Out-of-bounds Read (CWE-125). The issue results from the lack of proper validation of user-supplied data, which can lead to reading beyond the bounds of allocated memory (Zero Day Initiative).

The vulnerability allows attackers to disclose sensitive information on affected installations. An attacker can leverage this vulnerability in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (Zero Day Initiative).

Bentley has issued an update to correct this vulnerability. Users should update to version 10.16.02 or later of the affected software. As a general best practice, it is recommended to only open JT files from trusted sources (Bentley Advisory).