CVE-2023-45723

HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability.  Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*

History

21 Nov 2024, 08:27

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 7.6
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 - Vendor Advisory () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 - Vendor Advisory

09 Jan 2024, 18:52

Type Values Removed Values Added
First Time Hcltech dryice Myxalytics
Hcltech
CPE cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 - () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-22

03 Jan 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-03 03:15

Updated : 2024-11-21 08:27


NVD link : CVE-2023-45723

Mitre link : CVE-2023-45723

CVE.ORG link : CVE-2023-45723


JSON object : View

Products Affected

hcltech

  • dryice_myxalytics
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')