Common Vulnerability Exposure Program

Bentley has a Common Vulnerability Exposure (CVE) program. Bentley strives to publish important security advisories that help our users mitigate risks for a subset of our desktop products. These advisory pages are Bentley's source of information to our user community for potential risks in our products. Although we generally recommend updating to the latest product versions, some advisories include more detailed information about risk mitigation and specifics of affected versions which should be reviewed before updating. Our advisories are often linked with CVE entries. This process, the information in the advisories, and the website are all subject to change.

 

List of advisories:

 

Advisory Number Title
BE-2022-0016  OBJ File Parsing Out-of-bounds Read Vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0015  JP2 File Parsing Out-of-bounds Read Vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0014  J2K File Parsing Out-of-bounds Read Vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0013  IFC File Parsing Out-of-bounds Read Vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0012  FBX File Parsing Out-of-bounds Read Vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0011  DGN File Parsing Out-of-bounds Read Vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0010  3DS File Parsing Out-of-bounds Read Vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0009  SKP File Parsing Use-After-Free vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0008  OBJ File Parsing Stack Overflow vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0007  JP2 File Parsing Out-of-bounds Write in MicroStation and MicroStation-based applications
BE-2022-0006  IFC File Parsing Vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0005  DXF File Parsing Out-of-bounds Read Vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0004  DGN File Parsing Out-of-bounds vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0003  3DS File Parsing Out-Of-Bounds Read in MicroStation and MicroStation-based applications
BE-2022-0002  3DM File Parsing Uninitialized Variable in MicroStation and MicroStation-based applications
BE-2022-0001  Use of Log4j in RenderFarm component for SYNCHRO 4D Pro and SYNCHRO Pro
BE-2021-0015  Use of uninitialized memory in MicroStation and MicroStation-based applications
BE-2021-0014 Use-after-free vulnerability in MicroStation and MicroStation-based applications
BE-2021-0013 Out-of-bounds vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0012 Out-of-bounds read and use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0011 Use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0010 Out-of-bounds read vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0009 Out-of-bounds vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0008 Out-of-bounds and use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0007 Out-of-bounds read vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0006 Out-of-Bounds and use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0005 Out-of-Bounds and use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0004 Out-of-bounds and use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0003 Out-of-bounds and use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0002 Out-of-bounds and use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0001 Out-of-Bounds Read in ContextCapture Viewer