CVE-2023-45723

HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability.  Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*

History

09 Jan 2024, 18:52

Type Values Removed Values Added
CWE CWE-22
First Time Hcltech dryice Myxalytics
Hcltech
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 - () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*

03 Jan 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-03 03:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-45723

Mitre link : CVE-2023-45723

CVE.ORG link : CVE-2023-45723


JSON object : View

Products Affected

hcltech

  • dryice_myxalytics
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')