Path Traversal which allows file upload capability affects DRYiCE MyXalytics
CVE-2023-45723

7.6HIGH

Key Information:

Vendor: HCL Software
Status: DRYiCE MyXalytics
Vendor: CVE Published:; 3 January 2024

Summary

HCL DRYiCE MyXalytics contains a path traversal vulnerability that enables unauthorized file uploads. This vulnerability arises from certain endpoints that allow users to manipulate the path and filename for stored files on the server. This can lead to potential unauthorized access and compromise of sensitive data if exploited. Users of HCL DRYiCE MyXalytics are advised to assess their environments and implement appropriate security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

DRYiCE MyXalytics 5.9, 6.0, 6.1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 3, 2024
Vulnerability Reserved
Oct 10, 2023