Hcltech

Dryice Myxalytics

27 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2024-42171

  • EPSS 0.06%
  • Published 11.01.2025 07:15:08
  • Last modified 16.05.2025 13:47:12

HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session.

6.8

CVE-2024-42170

  • EPSS 0.07%
  • Published 11.01.2025 07:15:06
  • Last modified 16.05.2025 13:47:03

HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session.

9.4

CVE-2024-42168

  • EPSS 0.13%
  • Published 11.01.2025 03:15:21
  • Last modified 16.05.2025 13:46:43

HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content.

8.1

CVE-2024-42169

  • EPSS 0.09%
  • Published 11.01.2025 03:15:21
  • Last modified 16.05.2025 13:46:46

HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data.

9.8

CVE-2023-50347

  • EPSS 0.42%
  • Published 10.04.2024 02:15:08
  • Last modified 08.05.2025 18:34:18

HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration.

5.4

CVE-2023-50344

  • EPSS 0.2%
  • Published 03.01.2024 03:15:11
  • Last modified 18.06.2025 16:15:23

HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.

6.5

CVE-2023-50343

  • EPSS 0.06%
  • Published 03.01.2024 03:15:11
  • Last modified 18.06.2025 16:15:22

HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.

4.3

CVE-2023-50342

  • EPSS 0.13%
  • Published 03.01.2024 03:15:10
  • Last modified 03.06.2025 19:15:34

HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability.  A user can obtain certain details about another user as a result of improper access control.

7.5

CVE-2023-50341

  • EPSS 0.07%
  • Published 03.01.2024 03:15:10
  • Last modified 18.06.2025 16:15:22

HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive ...

9.8

CVE-2023-45724

  • EPSS 0.17%
  • Published 03.01.2024 03:15:09
  • Last modified 18.06.2025 16:15:21

HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication.