Vulnerabilities > Hcltech > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-01-12 CVE-2024-42180 Unrestricted Upload of File with Dangerous Type vulnerability in Hcltech Dryice Myxalytics 6.3
HCL MyXalytics is affected by a malicious file upload vulnerability.
network
low complexity
hcltech CWE-434
critical
 9.8
9.8
2025-01-11 CVE-2024-42175 Unspecified vulnerability in Hcltech Dryice Myxalytics 6.3
HCL MyXalytics is affected by a weak input validation vulnerability.
network
low complexity
hcltech
critical
 9.8
9.8
2025-01-11 CVE-2024-42172 Insufficiently Protected Credentials vulnerability in Hcltech Dryice Myxalytics 6.3
HCL MyXalytics is affected by broken authentication.
network
low complexity
hcltech CWE-522
critical
 9.8
9.8
2025-01-11 CVE-2024-42168 Server-Side Request Forgery (SSRF) vulnerability in Hcltech Dryice Myxalytics 6.3
HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability.
network
low complexity
hcltech CWE-918
critical
 9.4
9.4
2024-04-10 CVE-2023-50347 Unspecified vulnerability in Hcltech Dryice Myxalytics
HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries.
network
low complexity
hcltech
critical
 9.8
9.8
2024-01-03 CVE-2023-45722 Path Traversal vulnerability in Hcltech Dryice Myxalytics 5.9/6.0/6.1
HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory.
network
low complexity
hcltech CWE-22
critical
 9.8
9.8
2024-01-03 CVE-2023-45723 Path Traversal vulnerability in Hcltech Dryice Myxalytics 5.9/6.0/6.1
HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability.
network
low complexity
hcltech CWE-22
critical
 9.8
9.8
2024-01-03 CVE-2023-45724 Unrestricted Upload of File with Dangerous Type vulnerability in Hcltech Dryice Myxalytics 5.9/6.0/6.1
HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability.
network
low complexity
hcltech CWE-434
critical
 9.8
9.8
2024-01-03 CVE-2023-50351 Unspecified vulnerability in Hcltech Dryice Myxalytics 5.9/6.0/6.1
HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data.
network
low complexity
hcltech
critical
 9.1
9.1
2023-10-19 CVE-2023-37503 Weak Password Requirements vulnerability in Hcltech HCL Compass
HCL Compass is vulnerable to insecure password requirements.
network
low complexity
hcltech CWE-521
critical
 9.8
9.8