CVE-2024-42175 LOW

CVE-2024-42175: HCL MyXalytics is affected by a weak input validation vulnerability

Vendor Hcl Software
Product DRYiCE MyXalytics
Weakness CWE-20 · Input validation
Published January 11, 2025
Last update January 13, 2025

CVSS base score

2.6/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow.

Key dates

02Disclosure timeline

January 11, 2025 CVE published
January 13, 2025 Record updated