Insecure key rotation affects MyXalytics
CVE-2023-50351

8.2HIGH

Key Information:

Vendor: HCL Software
Status: DRYiCE MyXalytics
Vendor: CVE Published:; 3 January 2024

🔔 Create HCL Software Vulnerability Alert

What is CVE-2023-50351?

HCL DRYiCE MyXalytics is affected by a security vulnerability stemming from the use of an insecure key rotation mechanism. This vulnerability can potentially allow attackers to compromise the confidentiality and integrity of sensitive data within the product, highlighting a significant risk for organizations relying on HCL's solutions. Proper key management practices are essential to mitigate the risk associated with this issue and to ensure data protection.

Affected Version(s)

DRYiCE MyXalytics 5.9, 6.0, 6.1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 3, 2024
Vulnerability Reserved
Dec 7, 2023