Submit a security report
Bentley Systems Responsible Disclosure Program
Are you a Bentley Systems user?
*
I use Bentley software as a client
I was contracted by a user to test it
No, I am a researcher
I want to
*
submit a new security report
enquire or add information about an existing security report
I agree to be acknowledged in CVE entry using a full name
Name Surname
*
Please, use your real name; It is verified by our legal department
E-mail
*
example@example.com
Pay Pal email for a reward
*
PayPal is the only possible and not arguable way to reward your efforts.
Country of origin
*
It is verified by our legal department
Social media account
not required, but helps us verify your eligibility for a reward
Security report title
*
Select an in-scope vulnerability type
*
Please Select one
Broken Access Control (Privilege Escalation)
Business Logic Issues
Cross-Origin Resource Sharing (CORS)
Cross-Site Scripting (XSS)
Directory Traversal
DLL hijacking
Identification and Authentication
Insecure direct Object Reference (IDOR)
Open redirect
Other
Remote Code Execution
Security misconfiguration
Sensitive Data Exposure
Session Misconfiguration
SQL Injection
Subdomain takeover
Injection
Vulnerable components
Out-of-bounds read or write
Vulnerable URL or product name
*
_.bentley.com, all desktop products, mobile apps, cloud apps, open source projects
Other type of a vulnerability
Severity
*
1 - Critical
2 - High
3 - Medium
4 - Low
CVSS score
Security vulnerability details and reproduction steps
*
Printscreens are not rendered - please add them as files below. If you have a code, please paste it below
0/1000
Mitigation suggestions
0/1000
References
0/1000
Previously submitted security report reference number
*
Your question or additional information
File Upload
Browse Files
Drag and drop files here
Choose a file
Cancel
of
Please verify that you are human
*
Send Now!
Should be Empty: