CVE-2024-42172

MEDIUM

Hcltech Dryice Myxalytics - Authentication Bypass

Title source: rule

Description

HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application with access control, including databases, network infrastructure, and web applications.

References (1)

[Vendor Advisory] https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149

Scores

CVSS v3 5.3

EPSS 0.0020

EPSS Percentile 41.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-522 CWE-287

Status published

Products (1)

hcltech/dryice_myxalytics 6.3

Published Jan 11, 2025

Tracked Since Feb 18, 2026