Bentley was notified by Salesloft on August 20, 2025, of a security issue in the Drift application. Salesloft informed us attackers exploited a vulnerability in Salesloft Drift’s OAuth integration flow with Salesforce. Through this hijacked authorization process, a threat actor may have been able to gain unauthorized access to an impacted Salesforce account. In response we have disabled Salesloft Drift’s access to any Bentley systems or data.
Our information security team conducted a thorough investigation following the incident and found no evidence of unauthorized access to internal systems or resources, nor any exposure of Bentley or Bentley User credentials. We remain committed to clear and transparent communication to maintain your trust regarding the security of our services.
If you have any questions or concerns, please do not hesitate to contact your support representative directly or open a support request: https://help.bentley.com
December 16th, 2021
An update on the Apache Log4j vulnerability from our Chief Information Security Officer
In addition to monitoring for intrusion, our security teams have been analyzing each of our products to ensure they have not been compromised. If we identify any breaches in our products and systems, we will notify the users impacted immediately.
We have reviewed our product portfolio as an update to the above. This review found three services were vulnerable to the (now two) log4j related CVEs, which we have successfully mitigated in our production environments. We continue to see no evidence of exploitation.
The impacted services were:
As mentioned above, the vulnerabilities in these services have been mitigated, and there is no evidence of exploitation. There is no action required by any users of these Bentley-hosted services.
In addition, we have to date confirmed that no Bentley desktop or server installed (on-premise) product requires users to perform any actions regarding mitigation of these CVEs. We will continue to monitor this situation and provide relevant updates as needed.
Tom Cibelli
Chief Information Security Officer
Bentley Systems
December 14th, 2021
On December 9th, 2021, a “Zero Day” vulnerability was reported in the Java logging library “log4j,” which indicates the library could be susceptible to malicious Remote Code Execution (RCE) attacks.
Once Bentley was notified, our security experts launched an investigation to determine whether this attack impacted our systems, products, and/or services. We are pleased to report that, at this time, Bentley has found no evidence our systems have been compromised by this attack or that an intrusion has occurred.
Bentley administers in-depth defense practices with all of our systems and services using technologies that are built to detect and mitigate zero-day exploits, including Endpoint Detection and Response (EDR), heuristic and signature-based antivirus software, as well as continuous network monitoring. These practices are put in place to ensure our users can continue working at full capacity during an attempted cyberattack and with the knowledge that your work will be protected.
In addition to monitoring for intrusion, our security teams have been analyzing each of our products to ensure they have not been compromised. If we identify any breaches in our products and systems, we will notify the users impacted immediately.
Bentley’s Information Security team will continue to actively monitor and respond to this developing situation as it would with all security concerns. Users are encouraged to monitor our Common Vulnerability Exposure Program for continuous updates.
As a Bentley user, you can rest assured that protecting your data is our top priority.
Tom Cibelli
Chief Information Security Officer
Bentley Systems