CVE-2024-42169

Published: Jan 11, 2025Modified: May 16, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data.

Affected (1)

Products: Hcltech: Dryice Myxalytics

Hcltech

1 product

Dryice Myxalytics

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hcltech Dryice Myxalytics	Version 6.3

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149

Source: psirt@hcl.com

Vendor Advisory

Timeline

No history available yet.