CVE-2024-42180

LOW

Hcltech Dryice Myxalytics - Unrestricted File Upload

Title source: rule

Description

HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149

Scores

CVSS v3 1.6

EPSS 0.0017

EPSS Percentile 38.1%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (1)

hcltech/dryice_myxalytics 6.3

Published Jan 12, 2025

Tracked Since Feb 18, 2026