Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability
CVE-2022-43652

5.5MEDIUM

Key Information:

Vendor: Bentley
Status: View
Vendor: CVE Published:; 7 May 2024

What is CVE-2022-43652?

A severe vulnerability exists in Bentley View that relates to the parsing of SKP files. This flaw results from the inadequate validation of object existence before operations are performed, creating a potential for remote attackers to exploit this weakness. Successful exploitation requires user interaction, necessitating that the affected user either visits a malicious webpage or opens a compromised file. If exploited, this vulnerability allows attackers to disclose sensitive information and potentially chain it with other vulnerabilities to execute arbitrary code within the context of the application. Users are advised to update to the latest version to mitigate risks.

Affected Version(s)

View 10.16.2.22

References

https://www.zerodayinitiative.com/advisories/ZDI-23-347/

x_research-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Oct 21, 2022