Hcltech Dryice_myxalytics

31 CVEs affecting Hcltech Dryice_myxalytics. Latest disclosed: 2025-10-03. Critical: 0, High: 12.

Top CVEs affecting Hcltech Dryice_myxalytics
CVESeverityScorePublishedSummary
CVE-2024-42168High8.92025-01-11HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then ind…
CVE-2023-45722High8.82024-01-03HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended t…
CVE-2023-50343High8.32024-01-03HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users t…
CVE-2023-45724High8.22024-01-03HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requir…
CVE-2023-50351High8.22024-01-03HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity o…
CVE-2023-50350High8.22024-01-03HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive in…
CVE-2025-52656High7.62025-10-03HCL MyXalytics: 6.6.  is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects withou…
CVE-2025-52653High7.62025-10-03HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentia…
CVE-2023-50341High7.62024-01-03HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Mi…
CVE-2023-45723High7.62024-01-03HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability.  Certain endpoints permit users to manipulate the path (…
CVE-2024-42169High7.12025-01-11HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be…
CVE-2023-50342High7.12024-01-03HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability.  A user can obtain certain details about another user as a resul…
CVE-2024-42170Medium6.82025-01-11HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the vi…
CVE-2024-42171Medium6.42025-01-11HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the vi…
CVE-2023-50344Medium5.42024-01-03HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.
CVE-2024-42172Medium5.32025-01-11HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity th…
CVE-2024-42173Medium4.82025-01-11HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to…
CVE-2025-52654Medium4.62025-10-03HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially all…
CVE-2024-42174Low3.72025-01-11HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and therefore comp…
CVE-2023-50347Low3.72024-04-10HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malic…