CVE-2024-42172

HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application with access control, including databases, network infrastructure, and web applications.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hcltech:dryice_myxalytics:6.3:*:*:*:*:*:*:*

History

16 May 2025, 13:47

Type	Values Removed	Values Added
Summary		(es) HCL MyXalytics se ve afectado por una autenticación fallida. Esto permite a los atacantes comprometer claves, contraseñas y tokens de sesión, lo que puede provocar robo de identidad y control del sistema. Esta vulnerabilidad surge de una configuración deficiente, errores lógicos o errores de software y puede afectar a cualquier aplicación con control de acceso, incluidas bases de datos, infraestructura de red y aplicaciones web.
References	~~() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149 -~~	() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149 - Vendor Advisory
CPE		cpe:2.3:a:hcltech:dryice_myxalytics:6.3:::::::*
First Time		Hcltech dryice Myxalytics Hcltech
CWE		CWE-522

11 Jan 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-11 07:15

Updated : 2025-05-16 13:47

NVD link : CVE-2024-42172

Mitre link : CVE-2024-42172

CVE.ORG link : CVE-2024-42172

JSON object : View

Products Affected

hcltech

dryice_myxalytics

CWE

CWE-287

Improper Authentication

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2024-42172", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-01-11T07:15:08.743", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application with access control, including databases, network infrastructure, and web applications."}, {"lang": "es", "value": "HCL MyXalytics se ve afectado por una autenticaci\u00f3n fallida. Esto permite a los atacantes comprometer claves, contrase\u00f1as y tokens de sesi\u00f3n, lo que puede provocar robo de identidad y control del sistema. Esta vulnerabilidad surge de una configuraci\u00f3n deficiente, errores l\u00f3gicos o errores de software y puede afectar a cualquier aplicaci\u00f3n con control de acceso, incluidas bases de datos, infraestructura de red y aplicaciones web."}], "lastModified": "2025-05-16T13:47:39.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C92689D-384F-41F5-9E28-517A968FAD9E"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}