CVE-2024-42180 LOW

CVE-2024-42180: HCL MyXalytics is affected by a malicious file upload vulnerability

Vendor Hcl Software
Product DRYiCE MyXalytics
Weakness CWE-434 · Unrestricted file upload
Published January 12, 2025
Last update January 13, 2025

CVSS base score

1.6/10
Attack vector Physical
Attack complexity High
Privileges required High
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files.

Key dates

02Disclosure timeline

January 12, 2025 CVE published
January 13, 2025 Record updated