CVE-2024-42180

HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files.

CVSS v3 1.6 LOW

1.6^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.1 / Impact : 1.4

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hcltech:dryice_myxalytics:6.3:*:*:*:*:*:*:*

History

16 May 2025, 13:45

Type	Values Removed	Values Added
First Time		Hcltech Hcltech dryice Myxalytics
CPE		cpe:2.3:a:hcltech:dryice_myxalytics:6.3:::::::*
Summary		(es) HCL MyXalytics se ve afectada por una vulnerabilidad de carga de archivos maliciosos. La aplicación acepta cargas de archivos no válidas, incluidos tipos de contenido incorrectos, extensiones dobles, bytes nulos y caracteres especiales, lo que permite a los atacantes cargar y ejecutar archivos maliciosos.
References	~~() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149 -~~	() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149 - Vendor Advisory

12 Jan 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-12 22:15

Updated : 2025-05-16 13:45

NVD link : CVE-2024-42180

Mitre link : CVE-2024-42180

CVE.ORG link : CVE-2024-42180

JSON object : View

Products Affected

hcltech

dryice_myxalytics

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2024-42180", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 1.6, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-01-12T22:15:06.983", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files."}, {"lang": "es", "value": "HCL MyXalytics se ve afectada por una vulnerabilidad de carga de archivos maliciosos. La aplicaci\u00f3n acepta cargas de archivos no v\u00e1lidas, incluidos tipos de contenido incorrectos, extensiones dobles, bytes nulos y caracteres especiales, lo que permite a los atacantes cargar y ejecutar archivos maliciosos."}], "lastModified": "2025-05-16T13:45:08.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C92689D-384F-41F5-9E28-517A968FAD9E"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}