HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server.
References
Link | Resource |
---|---|
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
09 Jan 2024, 18:52
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
First Time |
Hcltech dryice Myxalytics
Hcltech |
|
References | () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:* cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:* cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:* |
03 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-03 03:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-45723
Mitre link : CVE-2023-45723
CVE.ORG link : CVE-2023-45723
JSON object : View
Products Affected
hcltech
- dryice_myxalytics
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')