Unauthenticated File Upload affects DRYiCE MyXalytics
CVE-2023-45724

8.2HIGH

Key Information:

Vendor: HCL Software
Status: DRYiCE MyXalytics
Vendor: CVE Published:; 3 January 2024

Summary

The HCL DRYiCE MyXalytics product is susceptible to an unauthenticated file upload vulnerability that allows malicious actors to upload arbitrary files to the web application. This weakness arises from inadequate authentication mechanisms, enabling attackers to bypass security controls and potentially manipulate the server or access sensitive data. Organizations using this product should assess their configurations and take immediate action to mitigate the risk associated with unauthorized file uploads.

Affected Version(s)

DRYiCE MyXalytics 5.9, 6.0, 6.1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 3, 2024
Vulnerability Reserved
Oct 10, 2023