CVE-2023-45723

Published Jan 3, 2024

Last updated 6 months ago

CVSS high 7.6

Overview

Description: HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server.
Source: psirt@hcl.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D13FF107-A7BD-4925-B5A2-B44983C3713B"
          },
          {
            "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F872BB54-B3D7-4C48-A8AB-893B566380E6"
          },
          {
            "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF8533C9-FB63-45EE-8FD4-5C69CB19F362"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References