Hcltech >> Dryice Myxalytics Security Vulnerabilities
HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known.
CVSS Score: 4.8
EPSS Score: 0.0
Published: 2025-01-11
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session.
CVSS Score: 6.8
EPSS Score: 0.0
Published: 2025-01-11
HCL MyXalytics is affected by an out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content.
CVSS Score: 8.9
EPSS Score: 0.001
Published: 2025-01-11
HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data.
CVSS Score: 7.1
EPSS Score: 0.001
Published: 2025-01-11
HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration.
CVSS Score: 3.7
EPSS Score: 0.004
Published: 2024-04-10
HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.
CVSS Score: 8.3
EPSS Score: 0.001
Published: 2024-01-03
HCL DRYiCE MyXalytics is impacted by an improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2024-01-03
HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Obsolete web pages) vulnerability. The discovery of outdated and accessible web pages reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposure of a vulnerable endpoint.
CVSS Score: 7.6
EPSS Score: 0.001
Published: 2024-01-03
HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control.
CVSS Score: 7.1
EPSS Score: 0.001
Published: 2024-01-03
HCL DRYiCE MyXalytics is impacted by a path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2024-01-03

