{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-27455", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-14T14:47:22.686Z", "dateReserved": "2024-02-26T00:00:00", "datePublished": "2024-02-26T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-26T15:16:59.039852"}, "descriptions": [{"lang": "en", "value": "In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.bentley.com/advisories/be-2024-0001/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.225Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.bentley.com/advisories/be-2024-0001/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-613", "lang": "en", "description": "CWE-613 Insufficient Session Expiration"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-488", "lang": "en", "description": "CWE-488 Exposure of Data Element to Wrong Session"}]}], "affected": [{"vendor": "bentley", "product": "assetwise_alim_web", "cpes": ["cpe:2.3:a:bentley:assetwise_alim_web:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "23.00.03", "status": "affected", "lessThan": "23.00.04.04", "versionType": "custom"}]}, {"vendor": "bentley", "product": "assetwise_information_integrity_server", "cpes": ["cpe:2.3:a:bentley:assetwise_information_integrity_server:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "16.9", "status": "affected", "lessThan": "23.00.02.03", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-14T14:37:36.524363Z", "id": "CVE-2024-27455", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T14:47:22.686Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.bentley.com/advisories/be-2024-0001/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.225Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27455", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-14T14:37:36.524363Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:bentley:assetwise_alim_web:*:*:*:*:*:*:*:*"], "vendor": "bentley", "product": "assetwise_alim_web", "versions": [{"status": "affected", "version": "23.00.03", "lessThan": "23.00.04.04", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bentley:assetwise_information_integrity_server:*:*:*:*:*:*:*:*"], "vendor": "bentley", "product": "assetwise_information_integrity_server", "versions": [{"status": "affected", "version": "16.9", "lessThan": "23.00.02.03", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-488", "description": "CWE-488 Exposure of Data Element to Wrong Session"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T14:47:05.894Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.bentley.com/advisories/be-2024-0001/"}], "descriptions": [{"lang": "en", "value": "In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-26T15:16:59.039852"}}}, "cveMetadata": {"cveId": "CVE-2024-27455", "state": "PUBLISHED", "dateUpdated": "2024-08-14T14:47:22.686Z", "dateReserved": "2024-02-26T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-02-26T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03."}, {"lang": "es", "value": "En la aplicaci\u00f3n web Bentley ALIM, ciertos ajustes de configuraci\u00f3n pueden provocar la exposici\u00f3n del token de sesi\u00f3n ALIM de un usuario cuando el usuario intenta descargar archivos. Esto se solucion\u00f3 en Assetwise ALIM Web 23.00.02.03 y Assetwise Information Integrity Server 23.00.04.04."}], "id": "CVE-2024-27455", "lastModified": "2024-08-14T15:35:07.223", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-26T16:28:00.707", "references": [{"source": "cve@mitre.org", "url": "https://www.bentley.com/advisories/be-2024-0001/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-488"}, {"lang": "en", "value": "CWE-613"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}