CVE-2021-31513

7.8 HIGH

📋 TL;DR

CVE-2021-31513 is a buffer overflow vulnerability in OpenText Brava! Desktop's BMP file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious BMP files or visiting malicious web pages. This affects users of OpenText Brava! Desktop version 16.6.4.55.

💻 Affected Systems

Products:
  • OpenText Brava! Desktop
Versions: 16.6.4.55
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the affected version are vulnerable by default when processing BMP files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system, data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Malware installation, data exfiltration, or system disruption through crafted BMP files delivered via phishing or malicious websites.

🟢 If Mitigated

Limited impact with proper application sandboxing, user privilege restrictions, and network segmentation preventing lateral movement.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is technically straightforward once a malicious file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 16.6.4.55

Vendor Advisory: https://www.opentext.com/products/brava

Restart Required: Yes

Instructions:

1. Download the latest version from OpenText's official website.
2. Run the installer to upgrade.
3. Restart the system to complete the installation.

🔧 Temporary Workarounds

Disable BMP file association (Windows)

Remove Brava! Desktop as the default handler for BMP files to prevent automatic exploitation:

Control Panel > Default Programs > Set Default Programs > Select Brava > Choose defaults for this program > Uncheck .bmp

Application control policy (Windows)

Block execution of Brava! Desktop via application whitelisting

🧯 If You Can't Patch

  • Implement strict email filtering to block BMP attachments
  • Deploy endpoint protection with memory protection capabilities

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Brava! Desktop to see if version is 16.6.4.55

Check Version:

Not applicable - check via GUI in Help > About

Verify Fix Applied:

Verify version is higher than 16.6.4.55 in Help > About

📡 Detection & Monitoring

Log Indicators:

  • Process creation events for Brava! Desktop with suspicious parent processes
  • Crash reports from Brava! Desktop

Network Indicators:

  • Unexpected outbound connections from Brava! Desktop process

SIEM Query:

ProcessName="BravaDesktop.exe" AND (ParentImage="*powershell*" OR ParentImage="*cmd*" OR ParentImage="*rundll32*")
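
The SIEM query above, evaluated over constructed process-creation events; this is an added example, not part of the original advisory. It assumes JSON-lines events carrying the query's `ProcessName` and `ParentImage` fields and case-insensitive matching, and the exact parent file names used by the `strict` mode are an assumption.

```python
import json
from fnmatch import fnmatchcase

# Terms taken from the page's SIEM query.
TARGET_PROCESS = "bravadesktop.exe"
PARENT_PATTERNS = ("*powershell*", "*cmd*", "*rundll32*")
# Assumption: exact parent file names for a stricter variant of the query.
STRICT_PARENTS = {"powershell.exe", "cmd.exe", "rundll32.exe"}

# Constructed sample events (JSON lines); all values are invented.
SAMPLE_EVENTS = r"""
{"ProcessName": "BravaDesktop.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"ProcessName": "BravaDesktop.exe", "ParentImage": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
{"ProcessName": "bravadesktop.exe", "ParentImage": "C:\\Windows\\System32\\CMD.EXE"}
{"ProcessName": "BravaDesktop.exe", "ParentImage": "C:\\Tools\\cmdline-utils\\launcher.exe"}
{"ProcessName": "notepad.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe"}
{"ProcessName": "BravaDesktop.exe", "ParentImage": truncated
"""


def basename(path):
    """File name of a Windows path, lower-cased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def matches_query(event, strict=False):
    """Apply the page's query to one event; strict compares the parent file name only."""
    if basename(str(event.get("ProcessName", ""))) != TARGET_PROCESS:
        return False
    parent = str(event.get("ParentImage", ""))
    if strict:
        return basename(parent) in STRICT_PARENTS
    return any(fnmatchcase(parent.lower(), p) for p in PARENT_PATTERNS)


def scan(log_text, strict=False):
    """Return matching events, skipping blank and malformed lines."""
    hits = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        if isinstance(event, dict) and matches_query(event, strict):
            hits.append(event)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("ALERT", hit["ParentImage"])
```

The wildcard form also flags the constructed `cmdline-utils` parent, because `*cmd*` matches anywhere in the path; the `strict` mode does not.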
