HCL DRYiCE MyXalytics Vulnerable to Insecure SQL Interface Attack
CVE-2023-50347

9.8CRITICAL

Key Information:

Vendor: Hcl Software
Status: Dryice Myxalytics
Vendor: CVE Published:; 10 April 2024

🔔 Create Hcl Software Vulnerability Alert

What is CVE-2023-50347?

HCL DRYiCE MyXalytics is susceptible to an insecure SQL interface vulnerability that may permit attackers to execute unauthorized SQL queries. This vulnerability could allow a malicious actor to run arbitrary SQL commands, potentially enabling the modification of system configuration and compromising the integrity of the database.

Affected Version(s)

DRYiCE MyXalytics 5.9, 6.0, 6.1, 6.2

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 10, 2024
Vulnerability Reserved
Dec 7, 2023

JSON