Auth bypass in Hcl Software Dryice Myxalytics
CVE-2024-42172
HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logi…
Vulnerability class: Broken Authentication
EPSS: 0.004 (29.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Hcl Software Dryice Myxalytics — versions 6.3
- Hcltech Dryice_myxalytics — versions 6.3
Weakness classification (CWE)
References
- psirt@hcl.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2024-42172?
- CVE-2024-42172 is a medium-severity vulnerability in Hcl Software Dryice Myxalytics, classified under Improper Authentication. CVSS score: 5.3/10. Published 2025-01-11.
- How severe is CVE-2024-42172?
- Medium severity. CVSS v3 base score is 5.3 out of 10.