CVE-2024-42180

Published: Jan 12, 2025Modified: May 16, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files.

Affected (1)

Products: Hcltech: Dryice Myxalytics

1 product

Dryice Myxalytics

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hcltech Dryice Myxalytics	Version 6.3

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149

Source: psirt@hcl.com

Vendor Advisory

Timeline

No history available yet.