Overview
- Description
- HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server.
- Source
- psirt@hcl.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D13FF107-A7BD-4925-B5A2-B44983C3713B"
},
{
"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F872BB54-B3D7-4C48-A8AB-893B566380E6"
},
{
"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF8533C9-FB63-45EE-8FD4-5C69CB19F362"
}
],
"operator": "OR"
}
]
}
]