Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability
CVE-2022-43652

3.3LOW

Key Information:

Vendor: Bentley
Status: View
Vendor: CVE Published:; 7 May 2024

Summary

A severe vulnerability exists in Bentley View that relates to the parsing of SKP files. This flaw results from the inadequate validation of object existence before operations are performed, creating a potential for remote attackers to exploit this weakness. Successful exploitation requires user interaction, necessitating that the affected user either visits a malicious webpage or opens a compromised file. If exploited, this vulnerability allows attackers to disclose sensitive information and potentially chain it with other vulnerabilities to execute arbitrary code within the context of the application. Users are advised to update to the latest version to mitigate risks.

Affected Version(s)

View 10.16.2.22

References

https://www.zerodayinitiative.com/advisories/ZDI-23-347/

x_research-advisory

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Oct 21, 2022

Collectors

NVD DatabaseMitre Database