Tous les avis / BE-2023-0002

BE-2023-0002

BE-2023-0002: Assetwise Integrity Information Server information disclosure

Bentley ID: BE-2023-0002
CVE ID: CVE-2023-51708
Severity: 9.9
CVSS v3.1: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Publication date: 2023-11-21
Revision date: 2023-11-21

Summary
The Assetwise Integrity Information Server may be affected by an issue where an unauthenticated user can craft a malicious request to view configuration options. Exploiting these vulnerabilities could lead to information disclosure.

Details
Using an affected version of the Assetwise Integrity Information Server containing maliciously crafted data can enable an attacker to read configuration information.

Affected Versions

Applications Affected Versions Mitigated Versions
Assetwise Integrity Information Server >=23.00.02.03
Assetwise ALIM For Transportation >=23.00.01.25

 

Recommended Mitigations
Bentley requires updating the Assetwise Integrity Information Server to versions later than 23.00.02.03. Existing installs hosted by Bentley have already been mitigated.

Acknowledgement

Revision History

Date Description
21-11-2023 Première version de l’avis
20-12-2023 Revision addressing affected software

20 % de réduction sur les logiciels Bentley

L'OFFRE PREND FIN VENDREDI

Utilisez le code « THANKS24 »

Célébrez l'excellence en matière d'infrastructure et de performance

Year in Infrastructure 2024 et Going Digital Awards

Présentez un projet pour les prix les plus prestigieux en matière d'infrastructure ! La nouvelle date limite d'inscription est le 29 avril.