CVE-2024-42180

LOW

HCL MyXalytics - Unrestricted Upload of File with Dangerous Type

Title source: llm

Description

HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149

Scores

CVSS v3 1.6

EPSS 0.0025

EPSS Percentile 15.8%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (1)

hcltech/dryice_myxalytics 6.3

Published Jan 12, 2025

Tracked Since Feb 18, 2026