All Advisories / BE-2024-0001


BE-2024-0001: ALIM Web Token Exposure

Bentley ID: BE-2024-0001
CVE ID: CVE-2024-27455
Severity: 9.3
Publication date: 2024-02-19
Revision date: 2024-02-19

The ALIM Web application may be affected by an issue where certain configuration settings can cause exposure of users ALIM session token when users attempt to download files.

The exposed token may be used in a manner that allows users access to files within ALIM which they do not have permissions to.

Affected Versions

Applications Affected Versions Mitigated Versions
Assetwise ALIM Web <23.00.03.* >=
Assetwise Information Integrity Server <16.9.* >=


Recommended Mitigations
Upgrade to latest versions of ALIM Web ( or later) and Assetwise Information Integrity Server ( or later). Existing installs hosted by Bentley have already been mitigated. Where upgrade isn’t possible please reach out to Bentley Support for secure configuration instructions.


Revision History

Date Description
2024-02-19 First version of this advisory
2024-03-08 Amend to ALIM Web Version affected
2024-03-25 Amend to versions affected

Celebrate Infrastructure Delivery & Performance Excellence

The 2024 Year in Infrastructure
and Going Digital Awards

Nominate a project for the most prestigious awards in infrastructure! Extended deadline to enter is April 29th.