cvebase

HCL Software DRYiCE MyXalytics vulnerabilities

24 known vulnerabilities affecting hcl_software/dryice_myxalytics.

Total CVEs: 24
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 4, MEDIUM 9, LOW 2

Vulnerabilities

Page 1 of 2
CVE-2023-45724 | P2 | CRITICAL | CVSS 9.8 | v5.9, 6.0, 6.1 | 2024-01-03
CWE-434. HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication.
nvd
CVE-2023-50347 | P3 | CRITICAL | CVSS 9.8 | v5.9, 6.0, 6.1, 6.2 | 2024-04-10
CWE-89. HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration.
nvd
CVE-2024-42172 | P3 | CRITICAL | CVSS 9.8 | v6.3 | 2025-01-11
CWE-287. HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application with access control, including databases, network infra
nvd
CVE-2023-45723 | P3 | CRITICAL | CVSS 9.8 | v5.9, 6.0, 6.1 | 2024-01-03
CWE-22. HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server.
nvd
CVE-2024-42180 | P3 | CRITICAL | CVSS 9.8 | v6.3 | 2025-01-12
CWE-434. HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files.
nvd
CVE-2024-42168 | P3 | CRITICAL | CVSS 9.4 | v6.3 | 2025-01-11
CWE-610. HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content.
nvd
CVE-2024-42175 | P3 | CRITICAL | CVSS 9.8 | v6.3 | 2025-01-11
CWE-20. HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow.
nvd
CVE-2023-45722 | P3 | CRITICAL | CVSS 9.8 | v5.9, 6.0, 6.1 | 2024-01-03
CWE-22. HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special elements within the pathname that can cause the pathn
nvd
CVE-2023-50351 | P3 | CRITICAL | CVSS 9.1 | v5.9, 6.0, 6.1 | 2024-01-03
CWE-327. HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data.
nvd
CVE-2024-42169 | P3 | HIGH | CVSS 8.1 | v6.3 | 2025-01-11
CWE-639. HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data.
nvd
CVE-2023-50341 | P3 | HIGH | CVSS 7.5 | v5.9, 6.0, 6.1 | 2024-01-03
CWE-284. HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.
nvd
CVE-2024-42181 | P3 | HIGH | CVSS 7.5 | v6.3 | 2025-01-12
CWE-319. HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability. The application transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
nvd
CVE-2023-50350 | P3 | HIGH | CVSS 7.5 | v5.9, 6.0, 6.1 | 2024-01-03
CWE-327. HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information.
nvd
CVE-2023-50343 | P3 | MEDIUM | CVSS 6.5 | v5.9, 6.0, 6.1 | 2024-01-03
CWE-284. HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.
nvd
CVE-2024-42170 | P4 | MEDIUM | CVSS 6.8 | v6.3 | 2025-01-11
CWE-384. HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session.
nvd
CVE-2024-42171 | P4 | MEDIUM | CVSS 6.4 | v6.3 | 2025-01-11
CWE-384. HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session.
nvd
CVE-2023-50344 | P4 | MEDIUM | CVSS 5.4 | v5.9, 6.0, 6.1 | 2024-01-03
CWE-284. HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.
nvd
CVE-2023-50345 | P4 | MEDIUM | CVSS 6.1 | v5.9, 6.0, 6.1 | 2024-01-03
CWE-601. HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats.
nvd
CVE-2024-42173 | P4 | MEDIUM | CVSS 4.8 | v6.3 | 2025-01-11
CWE-521. HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known.
nvd
CVE-2023-50348 | P4 | MEDIUM | CVSS 5.3 | v5.9, 6.0, 6.1 | 2024-01-03
CWE-209. HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc.
nvd