CVE-2024-42168 HIGH

CVE-2024-42168: HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability

Vendor Hcl Software
Product DRYiCE MyXalytics
Weakness CWE-610
Published January 11, 2025
Last update January 13, 2025

CVSS base score

8.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

What the vulnerability does

01Description

HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content.

Key dates

02Disclosure timeline

January 11, 2025 CVE published
January 13, 2025 Record updated