Unauthenticated File Upload affects DRYiCE MyXalytics
CVE-2023-45724

9.8CRITICAL

Key Information:

Vendor: HCL Software Software
Status: Dryice Myxalytics
Vendor: CVE Published:; 3 January 2024

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2023-45724?

The HCL DRYiCE MyXalytics product is susceptible to an unauthenticated file upload vulnerability that allows malicious actors to upload arbitrary files to the web application. This weakness arises from inadequate authentication mechanisms, enabling attackers to bypass security controls and potentially manipulate the server or access sensitive data. Organizations using this product should assess their configurations and take immediate action to mitigate the risk associated with unauthorized file uploads.

Affected Version(s)

DRYiCE MyXalytics 5.9, 6.0, 6.1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 3, 2024
Vulnerability Reserved
Oct 10, 2023

JSON