CVE-2023-50343

Published: Jan 3, 2024Modified: Jun 18, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.

Affected (3)

Products: Hcltech: Dryice Myxalytics

Hcltech

1 product

Dryice Myxalytics

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Hcltech Dryice Myxalytics	Version 5.9
Hcltech Dryice Myxalytics	Version 6.0
Hcltech Dryice Myxalytics	Version 6.1

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608

Source: psirt@hcl.com

Vendor Advisory

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.