CVE-2024-42172

MEDIUM

Hcltech Dryice Myxalytics - Authentication Bypass

Title source: rule

Description

HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application with access control, including databases, network infrastructure, and web applications.

References (1)

[Vendor Advisory] https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149

Scores

CVSS v3 5.3

EPSS 0.0020

EPSS Percentile 42.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-522 CWE-287

Status published

Affected Products (1)

hcltech/dryice_myxalytics

Timeline

Published Jan 11, 2025

Tracked Since Feb 18, 2026