Weak Input Validation in HCL MyXalytics Exposes Applications
CVE-2024-42175

2.6LOW

Key Information:

Vendor: HCL Software Software
Status: Dryice Myxalytics
Vendor: CVE Published:; 11 January 2025

Summary

HCL MyXalytics has a vulnerability characterized by weak input validation, allowing the input of special characters without proper length checks. This oversight opens the door to various security threats, including SQL injection, cross-site scripting (XSS), and buffer overflow attacks, potentially compromising the integrity and confidentiality of the application.

Affected Version(s)

DRYiCE MyXalytics 6.3

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

2.6

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jul 29, 2024