Hcltech Dryice_myxalytics
31 CVEs affecting Hcltech Dryice_myxalytics. Latest disclosed: 2025-10-03. Critical: 0, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-42168 | High | 8.9 | 2025-01-11 | HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then ind… |
CVE-2023-45722 | High | 8.8 | 2024-01-03 | HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended t… |
CVE-2023-50343 | High | 8.3 | 2024-01-03 | HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users t… |
CVE-2023-45724 | High | 8.2 | 2024-01-03 | HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requir… |
CVE-2023-50351 | High | 8.2 | 2024-01-03 | HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity o… |
CVE-2023-50350 | High | 8.2 | 2024-01-03 | HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive in… |
CVE-2025-52656 | High | 7.6 | 2025-10-03 | HCL MyXalytics: 6.6. is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects withou… |
CVE-2025-52653 | High | 7.6 | 2025-10-03 | HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentia… |
CVE-2023-50341 | High | 7.6 | 2024-01-03 | HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Mi… |
CVE-2023-45723 | High | 7.6 | 2024-01-03 | HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path (… |
CVE-2024-42169 | High | 7.1 | 2025-01-11 | HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be… |
CVE-2023-50342 | High | 7.1 | 2024-01-03 | HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a resul… |
CVE-2024-42170 | Medium | 6.8 | 2025-01-11 | HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the vi… |
CVE-2024-42171 | Medium | 6.4 | 2025-01-11 | HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the vi… |
CVE-2023-50344 | Medium | 5.4 | 2024-01-03 | HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files. |
CVE-2024-42172 | Medium | 5.3 | 2025-01-11 | HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity th… |
CVE-2024-42173 | Medium | 4.8 | 2025-01-11 | HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to… |
CVE-2025-52654 | Medium | 4.6 | 2025-10-03 | HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially all… |
CVE-2024-42174 | Low | 3.7 | 2025-01-11 | HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and therefore comp… |
CVE-2023-50347 | Low | 3.7 | 2024-04-10 | HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malic… |