CVE-2024-27455
📋 TL;DR
The Bentley ALIM Web application exposes user session tokens during file download operations when specific configurations are present. This allows attackers to hijack authenticated sessions and gain unauthorized access. Organizations using vulnerable versions of Assetwise ALIM Web or Information Integrity Server are affected.
💻 Affected Systems
- Assetwise ALIM Web
- Assetwise Information Integrity Server
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal session tokens, gain full administrative access to ALIM systems, manipulate critical infrastructure data, and potentially pivot to other enterprise systems.
Likely Case
Attackers capture session tokens to access sensitive asset information, modify configuration data, or exfiltrate proprietary engineering documents.
If Mitigated
With proper network segmentation and monitoring, impact is limited to unauthorized access within the ALIM application boundary.
🎯 Exploit Status
Exploitation requires network access to intercept or capture exposed tokens during legitimate user file download operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03
Vendor Advisory: https://www.bentley.com/advisories/be-2024-0001/
Restart Required: Yes
Instructions:
1. Download patches from the Bentley Software Downloads portal.
2. Back up the current installation.
3. Apply the patches following Bentley's upgrade documentation.
4. Restart application services.
5. Verify functionality.
🔧 Temporary Workarounds
Disable file downloads
Temporarily disable file download functionality in ALIM Web to prevent token exposure.
Configure via the ALIM Web administration interface.
Network segmentation
Restrict access to ALIM Web to trusted internal networks only.
Configure firewall rules to limit ALIM Web access.
🧯 If You Can't Patch
- Implement strict network access controls to limit ALIM Web exposure
- Deploy web application firewall with session protection rules
🔍 How to Verify
Check if Vulnerable:
Compare the installed ALIM Web and Information Integrity Server version numbers with the fixed versions listed under Official Fix; any earlier version should be treated as vulnerable.
Check Version:
Check version in ALIM Web administration interface or application logs
Verify Fix Applied:
Confirm installation of Assetwise ALIM Web 23.00.04.04 or later and Assetwise Information Integrity Server 23.00.02.03 or later.
📡 Detection & Monitoring
Log Indicators:
- Multiple session creations from same IP
- Unauthorized access attempts to sensitive endpoints
Network Indicators:
- Unexpected outbound connections from ALIM servers
- Session token values in URL parameters or headers
SIEM Query:
source="alim-web" AND (event="file_download" OR event="session_hijack")
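As an added, constructed example (not from the vendor advisory or any tooling this page offers), the Python script below scans web access logs for the two indicators above: session-like values carried in file download URL parameters, and repeated session creations from a single IP. The log format, the `/alim/login` path, the parameter-name heuristics and the sample lines are all assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Common Log Format style); not real ALIM logs.
SAMPLE_LOG = """\
10.0.0.5 - - [01/May/2024:10:00:01 +0000] "GET /alim/login HTTP/1.1" 200 512
10.0.0.5 - - [01/May/2024:10:00:05 +0000] "GET /alim/download?file=123 HTTP/1.1" 200 8192
10.0.0.9 - - [01/May/2024:10:01:00 +0000] "GET /alim/download?file=77&sessionToken=9f8e7d6c5b4a39281706f5e4d3c2b1a0 HTTP/1.1" 200 4096
10.0.0.9 - - [01/May/2024:10:01:30 +0000] "POST /alim/login HTTP/1.1" 302 0
10.0.0.9 - - [01/May/2024:10:01:31 +0000] "POST /alim/login HTTP/1.1" 302 0
10.0.0.9 - - [01/May/2024:10:01:32 +0000] "POST /alim/login HTTP/1.1" 302 0
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# Parameter names that commonly carry session material (assumption; tune for your deployment).
TOKEN_NAMES = re.compile(r'(session|token|sid|auth|jsessionid)', re.I)
# Long opaque hex/base64-like values are flagged as token-like regardless of parameter name.
OPAQUE_VALUE = re.compile(r'^[A-Za-z0-9+/=_-]{24,}$')

def parse(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def token_in_url(path):
    """Return the names of query parameters that look like session tokens."""
    qs = urlsplit(path).query
    return [k for k, v in parse_qsl(qs, keep_blank_values=True)
            if TOKEN_NAMES.search(k) or OPAQUE_VALUE.match(v)]

def analyse(log_text, login_path="/alim/login", session_threshold=3):
    findings = {"token_in_url": [], "repeated_logins": []}
    logins = Counter()  # session creations (login POSTs) per source IP
    for line in log_text.splitlines():
        rec = parse(line)
        if not rec:
            continue
        leaked = token_in_url(rec["path"])
        if leaked:
            findings["token_in_url"].append((rec["ip"], rec["path"], leaked))
        if rec["method"] == "POST" and urlsplit(rec["path"]).path == login_path:
            logins[rec["ip"]] += 1
    findings["repeated_logins"] = [(ip, n) for ip, n in logins.items() if n >= session_threshold]
    return findings

if __name__ == "__main__":
    for kind, items in analyse(SAMPLE_LOG).items():
        for item in items:
            print(kind, item)
```

Feed the script your reverse proxy or web server access logs rather than the constructed sample; a token-in-URL hit on a download path is the indicator this CVE describes and should trigger session invalidation for the affected user.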