All Advisories / BE-2023-0002

BE-2023-0002

BE-2023-0002: Assetwise Integrity Information Server information disclosure

Bentley ID: BE-2023-0002
CVE ID: CVE-2023-51708
Severity: 9.9
CVSS v3.1: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Publication date: 2023-11-21
Revision date: 2023-11-21

Summary
The Assetwise Integrity Information Server may be affected by an issue where an unauthenticated user can craft a malicious request to view configuration options. Exploiting these vulnerabilities could lead to information disclosure.

Details
Using an affected version of the Assetwise Integrity Information Server containing maliciously crafted data can enable an attacker to read configuration information.

Affected Versions

Applications Affected Versions Mitigated Versions
Assetwise Integrity Information Server <16.9.* >=23.00.02.03
Assetwise ALIM For Transportation <23.00.01.25 >=23.00.01.25

 

Recommended Mitigations
Bentley requires updating the Assetwise Integrity Information Server to versions later than 23.00.02.03. Existing installs hosted by Bentley have already been mitigated.

Acknowledgement

Revision History

Date Description
2023-11-21 First version of this advisory
2023-12-20 Revision addressing affected software

20% Off Bentley Software

Deal Ends Friday

Use Coupon Code "THANKS24"

Celebrate Infrastructure Delivery & Performance Excellence

The 2024 Year in Infrastructure
and Going Digital Awards

Nominate a project for the most prestigious awards in infrastructure! Extended deadline to enter is April 29th.