CVE-2024-42168

Published: Jan 11, 2025Modified: May 16, 2025

9.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Exploitability: 3.9 / Impact: 5.5

Source: NVD

Description

HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content.

Affected (1)

Products: Hcltech: Dryice Myxalytics

Hcltech

1 product

Dryice Myxalytics

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hcltech Dryice Myxalytics	Version 6.3

Related CWEs

CWE-610

Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149

Source: psirt@hcl.com

Vendor Advisory

Timeline

No history available yet.