Browse all 209 CVE security advisories affecting Bentley. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bentley Systems provides computer-aided design (CAD) and engineering software primarily used for infrastructure projects such as bridges, roads, and buildings. With 209 recorded Common Vulnerabilities and Exposures (CVEs), the platform has historically suffered from critical flaws including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These weaknesses often stem from improper input validation and insufficient access controls within its desktop and server components. Notable incidents include arbitrary file read and write capabilities that allow attackers to compromise system integrity or execute malicious code remotely. The software’s complex architecture, involving numerous plugins and integrations, frequently introduces attack surfaces that remain unpatched for extended periods. Security researchers emphasize that default configurations often lack robust authentication mechanisms, leaving enterprise deployments exposed to unauthorized access and data exfiltration without immediate remediation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-53007 | Bentley Systems ProjectWise Integration Server security vulnerability — ProjectWise Integration Server, CWE-648 | 6.4 | Medium | 2025-01-31 |
This page lists every published CVE security advisory associated with Bentley. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.