CVE-2023-45722

{"id": "CVE-2023-45722", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-01-03T03:15:09.200", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}, {"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. \u00a0The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application.\n"}, {"lang": "es", "value": "HCL DRYiCE MyXalytics se ve afectado por la vulnerabilidad de lectura de archivos arbitrarios de path traversal porque utiliza entrada externa para construir un nombre de ruta destinado a identificar un archivo o directorio que se encuentra debajo de un directorio principal restringido. El producto no neutraliza adecuadamente los elementos especiales dentro del nombre de ruta que pueden hacer que el nombre de ruta se resuelva en una ubicaci\u00f3n que est\u00e1 fuera del directorio restringido. Las posibles explotaciones pueden interrumpir por completo la aplicaci\u00f3n o apoderarse de ella."}], "lastModified": "2024-11-21T08:27:15.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D13FF107-A7BD-4925-B5A2-B44983C3713B"}, {"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F872BB54-B3D7-4C48-A8AB-893B566380E6"}, {"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF8533C9-FB63-45EE-8FD4-5C69CB19F362"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}