We use cookies to provide you with the best possible user experience. If you continue to use the site without changing your cookie settings, we assume you are fine with our cookies and the way we use them. The cookies store information about how you use our website, and help you use some of the functions on the site. Our cookies do not store any sensitive information, and we never use your cookies for targeted advertising. If you want, you can change your computer’s settings so that it does not accept cookies. We have information here on how you can do that.

Continue

Common Vulnerability Exposure Program

This year, Bentley is enacting a Common Vulnerability Exposure (CVE) program. Bentley strives to publish important security advisories that help our users mitigate risks for a subset of our desktop products. These advisory pages are Bentley's source of information to our user community for potential risks in our products. Although we generally recommend updating to the latest product versions, some advisories include more detailed information about risk mitigation and specifics of affected versions which should be reviewed before updating. Our advisories are often linked with CVE entries. This process, the information in the advisories, and the website are all subject to change.

 

List of advisories:

 

Advisory Number Title
BE-2022-0009  SKP File Parsing Use-After-Free vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0008  OBJ File Parsing Stack Overflow vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0007  JP2 File Parsing Out-of-bounds Write in MicroStation and MicroStation-based applications
BE-2022-0006  IFC File Parsing Vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0005  DXF File Parsing Out-of-bounds Read Vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0004  DGN File Parsing Out-of-bounds vulnerabilities in MicroStation and MicroStation-based applications
BE-2022-0003  3DS File Parsing Out-Of-Bounds Read in MicroStation and MicroStation-based applications
BE-2022-0002  3DM File Parsing Uninitialized Variable in MicroStation and MicroStation-based applications
BE-2022-0001  Use of Log4j in RenderFarm component for SYNCHRO 4D Pro and SYNCHRO Pro
BE-2021-0015  Use of uninitialized memory in MicroStation and MicroStation-based applications
BE-2021-0014 Use-after-free vulnerability in MicroStation and MicroStation-based applications
BE-2021-0013 Out-of-bounds vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0012 Out-of-bounds read and use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0011 Use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0010 Out-of-bounds read vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0009 Out-of-bounds vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0008 Out-of-bounds and use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0007 Out-of-bounds read vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0006 Out-of-Bounds and use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0005 Out-of-Bounds and use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0004 Out-of-bounds and use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0003 Out-of-bounds and use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0002 Out-of-bounds and use-after-free vulnerabilities in MicroStation and MicroStation-based applications
BE-2021-0001 Out-of-Bounds Read in ContextCapture Viewer