CVE-2021-46634: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

This vulnerability (CVE-2021-46634) affects Bentley MicroStation CONNECT version 10.16.0.80. The vulnerability allows remote attackers to execute arbitrary code on affected installations. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files, where crafted data can trigger a write past the end of an allocated buffer (Zero Day Initiative, Bentley Advisory).

The vulnerability is classified with a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The flaw is identified as an Out-of-bounds Write (CWE-787) vulnerability. When parsing JT files, the application fails to properly validate the length of user-supplied data, which can trigger a write operation beyond the allocated buffer boundaries (Zero Day Initiative).

A successful exploitation of this vulnerability allows an attacker to execute code in the context of the current process. This could potentially lead to full system compromise with the privileges of the application. The vulnerability affects both confidentiality and integrity of the system, as the attacker could potentially access sensitive information and modify system data (Zero Day Initiative).

Bentley has issued an update to address this vulnerability. Users are recommended to upgrade to version 10.16.02 or later of MicroStation and MicroStation-based applications. As a general best practice, it is also recommended to only open JT files from trusted sources (Bentley Advisory).