Session Fixation Vulnerability in HCL MyXalytics Software
CVE-2024-42171
6.4 MEDIUM
Key Information:
- Vendor: HCL Software
- Product: DRYiCE MyXalytics
- CVE Published: 11 January 2025
Summary
HCL MyXalytics contains a session fixation vulnerability that allows an attacker to manipulate a user's login session by sending specially crafted URLs containing a session token. This could lead to unauthorized access to sensitive information, as the attacker can hijack active sessions and abuse the user's credentials without authenticating themselves.
Affected Version(s)
DRYiCE MyXalytics 6.3
CVSS V3.1
- Score: 6.4
- Severity: MEDIUM
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved