CVE-2021-34899

7.8 HIGH

📋 TL;DR

CVE-2021-34899 is a buffer overflow vulnerability in Bentley View's JT file parser that allows remote code execution. Attackers can exploit it by tricking users into opening malicious JT files, potentially compromising affected systems. This affects users of Bentley View 10.15.0.75 who open untrusted JT files.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction to open a malicious JT file. All installations of the affected version are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the victim's machine, data theft, and lateral movement within the network.

🟠 Likely Case

Malware installation, data exfiltration, or ransomware deployment on individual workstations where users open malicious JT files.

🟢 If Mitigated

Limited to denial of service or application crash if exploit fails or security controls block execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is technically straightforward once a malicious JT file is crafted. ZDI published an advisory with technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Bentley View version 10.16.0.80 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005

Restart Required: Yes

Instructions:

1. Download the latest Bentley View installer from the Bentley website.
2. Run the installer with administrative privileges.
3. Follow the installation wizard.
4. Restart the system after installation completes.

🔧 Temporary Workarounds

Disable JT file association (Windows)

Remove Bentley View as the default handler for .jt files so that they no longer open in it automatically:

Control Panel > Default Programs > Associate a file type or protocol with a program > Select .jt > Change program > Choose different application

Block JT files at the perimeter (all platforms)

Configure email and web gateways to block .jt file attachments and downloads.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized code execution
  • Restrict user privileges to standard user accounts (not administrator)

🔍 How to Verify

Check if Vulnerable:

Check the Bentley View version: Open Bentley View > Help > About. If the version is 10.15.0.75, the system is vulnerable.

Check Version:

Not applicable - check via GUI in Help > About menu

Verify Fix Applied:

Verify version is 10.16.0.80 or later in Help > About dialog.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of Bentley View
  • Unusual process creation from Bentley View
  • Failed attempts to open corrupted JT files

Network Indicators:

  • Downloads of JT files from untrusted sources
  • Outbound connections from Bentley View to suspicious IPs

SIEM Query:

Process Creation where Image contains 'BentleyView.exe' and CommandLine contains '.jt'
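The log indicators and SIEM query above, worked through as an added Python example (not code from Bentley, ZDI or this page's source). It assumes process-creation events with Sysmon Event ID 1 field names, supplied in time order; the install path, hosts, PIDs, command lines and severity labels are constructed for illustration.

```python
import ntpath
import re

VIEWER = "bentleyview.exe"  # image name from the page's SIEM query, lower-cased
# Tighter than "contains '.jt'": the extension must end an argument.
JT_ARG = re.compile(r'\.jt(?=["\s]|$)', re.IGNORECASE)
V = r"C:\Apps\Bentley\BentleyView.exe"  # constructed install path (assumption)

# Constructed events using Sysmon Event ID 1 field names, in time order.
EVENTS = [
    {"Host": "ws01", "ProcessId": 4120, "ParentProcessId": 900, "Image": V,
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"BentleyView.exe" "C:\Users\a\Downloads\bracket.JT"'},
    {"Host": "ws01", "ProcessId": 5000, "ParentProcessId": 4120,
     "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": V,
     "CommandLine": "cmd.exe"},
    {"Host": "ws02", "ProcessId": 3300, "ParentProcessId": 880, "Image": V,
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"BentleyView.exe" "D:\models\plant.jtx"'},
    {"Host": "ws02", "ProcessId": 3400, "ParentProcessId": 3300,
     "Image": r"C:\Windows\System32\splwow64.exe", "ParentImage": V,
     "CommandLine": "splwow64.exe 8192"},
]


def base(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()


def triage(events):
    """Return (ProcessId, severity, reason) for events matching the indicators."""
    jt_viewers = set()  # (host, pid) of viewer instances started on a .jt file
    findings = []
    for ev in events:
        if base(ev["Image"]) == VIEWER:
            if JT_ARG.search(ev["CommandLine"]):
                jt_viewers.add((ev["Host"], ev["ProcessId"]))
                findings.append((ev["ProcessId"], "info", "viewer opened .jt"))
        elif base(ev["ParentImage"]) == VIEWER:
            # Child of the viewer; worse if that instance was opened on a .jt.
            hit = (ev["Host"], ev["ParentProcessId"]) in jt_viewers
            sev = "high" if hit else "medium"
            findings.append((ev["ProcessId"], sev, "viewer spawned " + base(ev["Image"])))
    return findings
```

Calling `triage(EVENTS)` returns one finding per matching event; a child process is rated higher when its parent viewer instance was launched on a .jt file.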
