cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-42181,https://securityvulnerability.io/vulnerability/CVE-2024-42181,Cleartext Transmission Vulnerability in HCL MyXalytics,"HCL MyXalytics contains a vulnerability where sensitive information is transmitted in cleartext, allowing unauthorized individuals to intercept and exploit this data. This flaw poses a significant risk to the confidentiality and integrity of sensitive communications, emphasizing the need for secure transmission methods to safeguard user information from potential breaches.",HCL Software Software,Dryice Myxalytics,1.6,LOW,0.01,false,false,false,false,false,false,false,2025-01-12T22:04:37.495Z,0
CVE-2024-42180,https://securityvulnerability.io/vulnerability/CVE-2024-42180,Malicious File Upload Vulnerability in HCL MyXalytics Application,"HCL MyXalytics is susceptible to a file upload vulnerability that enables attackers to upload and potentially execute malicious files. The application inadequately validates file types, which includes the acceptance of disallowed formats, double extensions, null bytes, and special characters. This flaw can lead to unauthorized access and execution of harmful scripts, jeopardizing the integrity and security of the application and its underlying systems.",HCL Software Software,Dryice Myxalytics,1.6,LOW,0.01,false,false,false,false,false,false,false,2025-01-12T21:53:03.369Z,0
CVE-2024-42179,https://securityvulnerability.io/vulnerability/CVE-2024-42179,Sensitive Information Disclosure in HCL MyXalytics,"HCL MyXalytics is vulnerable to a sensitive information disclosure issue, where the server's HTTP response header incorrectly exposes details regarding the Microsoft-HTTP API/2.0. This can lead to potential information leakage about the server configuration, which may assist malicious actors in exploiting the system further.",HCL Software Software,Dryice Myxalytics,2,LOW,0.01,false,false,false,false,false,false,false,2025-01-12T21:46:39.992Z,0
CVE-2024-42175,https://securityvulnerability.io/vulnerability/CVE-2024-42175,Weak Input Validation in HCL MyXalytics Exposes Applications,"HCL MyXalytics has a vulnerability characterized by weak input validation, allowing the input of special characters without proper length checks. This oversight opens the door to various security threats, including SQL injection, cross-site scripting (XSS), and buffer overflow attacks, potentially compromising the integrity and confidentiality of the application.",HCL Software Software,Dryice Myxalytics,2.6,LOW,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T07:20:57.617Z,0
CVE-2024-42174,https://securityvulnerability.io/vulnerability/CVE-2024-42174,Username Enumeration Vulnerability in HCL MyXalytics Software,"HCL MyXalytics is susceptible to a username enumeration vulnerability that enables attackers to exploit the application by systematically validating usernames. This flaw allows unauthorized users to compile a list of existing usernames, potentially facilitating further attacks such as credential stuffing and targeted phishing. To safeguard sensitive information, organizations using HCL MyXalytics should implement appropriate countermeasures and ensure that their applications are properly secured against such enumeration techniques.",HCL Software Software,Dryice Myxalytics,3.7,LOW,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T07:04:24.964Z,0
CVE-2024-42173,https://securityvulnerability.io/vulnerability/CVE-2024-42173,Improper Password Policy in HCL MyXalytics Allows Brute-Force Attacks,"HCL MyXalytics has a vulnerability related to improper implementation of its password policy. This flaw enables attackers to exploit weak password choices and the absence of account lockout mechanisms, making it feasible to guess or conduct brute-force attacks on user accounts when the corresponding username is known. Organizations using HCL MyXalytics should review their password policies and consider implementing stronger password requirements and lockout protocols to mitigate this risk.",HCL Software Software,Dryice Myxalytics,4.8,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T06:54:33.550Z,0
CVE-2024-42172,https://securityvulnerability.io/vulnerability/CVE-2024-42172,Broken Authentication in HCL MyXalytics Exposes Sensitive Data,"HCL MyXalytics is impacted by a broken authentication vulnerability that permits attackers to seize keys, passwords, and session tokens. This flaw may result from suboptimal configurations, logic flaws, or software issues, creating conditions for unauthorized access and potential identity theft. Applications with access control, including databases, network infrastructure, and web applications, may be affected, leaving sensitive information vulnerable to exploitation.",HCL Software Software,Dryice Myxalytics,5.3,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T06:44:28.808Z,0
CVE-2024-42171,https://securityvulnerability.io/vulnerability/CVE-2024-42171,Session Fixation Vulnerability in HCL MyXalytics Software,HCL MyXalytics contains a session fixation vulnerability that allows cybercriminals to manipulate a user's login session by sending specially crafted URLs containing a session token. This could potentially lead to unauthorized access to sensitive information as attackers can hijack active sessions and exploit user credentials without proper authentication.,HCL Software Software,Dryice Myxalytics,6.4,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T06:31:24.165Z,0
CVE-2024-42170,https://securityvulnerability.io/vulnerability/CVE-2024-42170,Session Fixation Vulnerability in HCL MyXalytics Platform,"HCL MyXalytics is susceptible to a session fixation vulnerability, allowing cyber criminals to exploit this flaw by sending specially crafted URLs that include a session token. If a victim unwittingly clicks such a link, an attacker can hijack the user's login session, potentially gaining unauthorized access to sensitive information. This poses a significant risk to user data security, necessitating prompt awareness and mitigation strategies.",HCL Software Software,Dryice Myxalytics,6.8,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T06:17:20.606Z,0
CVE-2023-50347,https://securityvulnerability.io/vulnerability/CVE-2023-50347,HCL DRYiCE MyXalytics Vulnerable to Insecure SQL Interface Attack,"HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration. ",Hcl Software,Dryice Myxalytics,3.7,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-04-10T01:17:11.128Z,0
CVE-2023-50343,https://securityvulnerability.io/vulnerability/CVE-2023-50343,Improper Access Control (Controller APIs) affects DRYiCE MyXalytics,"The HCL DRYiCE MyXalytics product is affected by an improper access control vulnerability, specifically in the Controller APIs. This flaw permits Customer Admin Users to access certain API endpoints that should remain protected, potentially exposing sensitive information related to other users. This vulnerability underlines the importance of stringent access controls and API security measures within the application to safeguard confidential data and maintain user privacy.",HCL Software,DRYiCE MyXalytics,8.3,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2024-01-03T03:15:00.000Z,0
CVE-2023-50341,https://securityvulnerability.io/vulnerability/CVE-2023-50341,Improper Access Control affects DRYiCE MyXalytics,"HCL DRYiCE MyXalytics is affected by an improper access control vulnerability that arises from the presence of obsolete web pages. This flaw allows unauthorized access to outdated and potentially sensitive information. The absence of adequate access control measures could inadvertently expose users to risks associated with data leaks and the exploitation of vulnerable endpoints, leading to further security compromises. Vigilant management of web resources and timely patches is essential to mitigate these risks.",HCL Software,DRYiCE MyXalytics,7.6,HIGH,0.0013200000394135714,false,false,false,false,,false,false,2024-01-03T03:15:00.000Z,0
CVE-2023-45722,https://securityvulnerability.io/vulnerability/CVE-2023-45722,Path Traversal Arbitrary File Read affects DRYiCE MyXalytics,"HCL DRYiCE MyXalytics is prone to a path traversal vulnerability that allows for arbitrary file reading. This issue arises due to the application's method of handling external input when constructing file paths, particularly those intended to be confined within a restricted parent directory. The vulnerability stems from inadequate neutralization of special characters in the input, which enables attackers to craft malicious pathnames. If exploited, the attacker could potentially access sensitive files located beyond the intended directory boundaries, which may lead to significant disruptions and unauthorized control over the application.",HCL Software,DRYiCE MyXalytics,8.8,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2024-01-03T03:15:00.000Z,0
CVE-2023-45723,https://securityvulnerability.io/vulnerability/CVE-2023-45723,Path Traversal which allows file upload capability affects DRYiCE MyXalytics,HCL DRYiCE MyXalytics contains a path traversal vulnerability that enables unauthorized file uploads. This vulnerability arises from certain endpoints that allow users to manipulate the path and filename for stored files on the server. This can lead to potential unauthorized access and compromise of sensitive data if exploited. Users of HCL DRYiCE MyXalytics are advised to assess their environments and implement appropriate security measures to mitigate the risks associated with this vulnerability.,HCL Software,DRYiCE MyXalytics,7.6,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2024-01-03T03:15:00.000Z,0
CVE-2023-45724,https://securityvulnerability.io/vulnerability/CVE-2023-45724,Unauthenticated File Upload affects DRYiCE MyXalytics,"The HCL DRYiCE MyXalytics product is susceptible to an unauthenticated file upload vulnerability that allows malicious actors to upload arbitrary files to the web application. This weakness arises from inadequate authentication mechanisms, enabling attackers to bypass security controls and potentially manipulate the server or access sensitive data. Organizations using this product should assess their configurations and take immediate action to mitigate the risk associated with unauthorized file uploads.",HCL Software,DRYiCE MyXalytics,8.2,HIGH,0.0016599999507889152,false,false,false,false,,false,false,2024-01-03T03:15:00.000Z,0
CVE-2023-50342,https://securityvulnerability.io/vulnerability/CVE-2023-50342,Insecure Direct Object Reference (IDOR) affects DRYiCE MyXalytics,"HCL DRYiCE MyXalytics has a vulnerability related to Insecure Direct Object Reference (IDOR), which allows a user to gain unauthorized access to information about other users due to inadequate access control mechanisms. This weakness can lead to information disclosure, wherein sensitive user details are exposed, highlighting the critical need for robust access controls and user data protection strategies.",Hcl Software,Dryice Myxalytics,7.1,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-01-03T03:15:00.000Z,0
CVE-2023-50344,https://securityvulnerability.io/vulnerability/CVE-2023-50344,Unauthenticated File Downloads affect DRYiCE MyXalytics,"HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files. ",HCL Software,DRYiCE MyXalytics,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2024-01-03T03:15:00.000Z,0
CVE-2023-50348,https://securityvulnerability.io/vulnerability/CVE-2023-50348,Improper Error Handling affects DRYiCE MyXalytics,"HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc. ",HCL Software,DRYiCE MyXalytics,3.1,LOW,0.0006300000241026282,false,false,false,false,,false,false,2024-01-03T02:15:00.000Z,0
CVE-2023-50346,https://securityvulnerability.io/vulnerability/CVE-2023-50346,An information disclosure affects DRYiCE MyXalytics,"HCL DRYiCE MyXalytics has been identified with an information disclosure issue that affects specific endpoints in the application. This vulnerability allows unauthorized access to detailed file information, potentially exposing sensitive data to malicious actors. It is crucial for users of HCL DRYiCE MyXalytics to be aware of this issue, review their security configurations, and apply recommended patches or mitigations provided by HCL to safeguard their information.",HCL Software,DRYiCE MyXalytics,3.1,LOW,0.0005300000193528831,false,false,false,false,,false,false,2024-01-03T02:15:00.000Z,0
CVE-2023-50345,https://securityvulnerability.io/vulnerability/CVE-2023-50345,Open Redirect affects DRYiCE MyXalytics,"HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats. ",HCL Software,DRYiCE MyXalytics,3.7,LOW,0.0006300000241026282,false,false,false,false,,false,false,2024-01-03T02:15:00.000Z,0
CVE-2023-50351,https://securityvulnerability.io/vulnerability/CVE-2023-50351,Insecure key rotation affects MyXalytics,"HCL DRYiCE MyXalytics is affected by a security vulnerability stemming from the use of an insecure key rotation mechanism. This vulnerability can potentially allow attackers to compromise the confidentiality and integrity of sensitive data within the product, highlighting a significant risk for organizations relying on HCL's solutions. Proper key management practices are essential to mitigate the risk associated with this issue and to ensure data protection.",HCL Software,DRYiCE MyXalytics,8.2,HIGH,0.001339999958872795,false,false,false,false,,false,false,2024-01-03T02:15:00.000Z,0
CVE-2023-50350,https://securityvulnerability.io/vulnerability/CVE-2023-50350,A broken cryptographic algorithm impacts MyXalytics,"HCL DRYiCE MyXalytics exhibits a vulnerability due to the implementation of a broken cryptographic algorithm. This flaw could potentially allow attackers to decrypt sensitive information, which poses a significant risk to data confidentiality. Organizations utilizing this product should assess their exposure and take necessary actions to mitigate the risk associated with this vulnerability.",HCL Software,DRYiCE MyXalytics,8.2,HIGH,0.0008399999933317304,false,false,false,false,,false,false,2024-01-03T02:15:00.000Z,0