BE-2023-0002: Assetwise Integrity Information Server information disclosure
Bentley ID: BE-2023-0002
CVE ID: CVE-2023-51708
Severity: 9.9
CVSS v3.1: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Publication date: 2023-11-21
Revision date: 2023-11-21
Summary
The Assetwise Integrity Information Server may be affected by an issue where an unauthenticated user can craft a malicious request to view configuration options. Exploiting these vulnerabilities could lead to information disclosure.
Details
Using an affected version of the Assetwise Integrity Information Server containing maliciously crafted data can enable an attacker to read configuration information.
Affected Versions
| Applications | Affected Versions | Mitigated Versions |
| Assetwise Integrity Information Server | <16.9.* | >=23.00.02.03 |
| Assetwise ALIM For Transportation | <23.00.01.25 | >=23.00.01.25 |
Recommended Mitigations
Bentley requires updating the Assetwise Integrity Information Server to versions later than 23.00.02.03. Existing installs hosted by Bentley have already been mitigated.
Acknowledgement
Revision History
| Date | Description |
| 2023-11-21 | First version of this advisory |
| 2023-12-20 | Revision addressing affected software |
