CVE-2024-42180

HCL MyXalytics is affected by a malicious file upload vulnerability.  The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.6 LOW
PHYSICAL
HIGH
HIGH
CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
HCLCNA
1.6 LOW
PHYSICAL
HIGH
HIGH
CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
hcltechdryice_myxalytics
6.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149