CVE-2023-45722 HIGH

CVE-2023-45722: Path Traversal Arbitrary File Read affects DRYiCE MyXalytics

Vendor Hcl Software
Product DRYiCE MyXalytics
Published January 3, 2024
Last update June 3, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory.  The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application.

Key dates

02Disclosure timeline

January 3, 2024 CVE published
June 3, 2025 Record updated