VYPR

DRYiCE MyXalytics

by HCL Software

CVEs (8)

  • CVE-2023-50343HigJan 3, 2024
    risk 0.54cvss 8.3epss 0.00

    HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.

  • CVE-2023-50351HigJan 3, 2024
    risk 0.53cvss 8.2epss 0.00

    HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data.

  • CVE-2023-50350HigJan 3, 2024
    risk 0.53cvss 8.2epss 0.00

    HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information.

  • CVE-2023-50341HigJan 3, 2024
    risk 0.49cvss 7.6epss 0.00

    HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a…

  • CVE-2023-50344MedJan 3, 2024
    risk 0.35cvss 5.4epss 0.00

    HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.

  • CVE-2023-50345LowJan 3, 2024
    risk 0.24cvss 3.7epss 0.00

    HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats.

  • CVE-2023-50348LowJan 3, 2024
    risk 0.20cvss 3.1epss 0.00

    HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc.

  • CVE-2023-50346LowJan 3, 2024
    risk 0.20cvss 3.1epss 0.00

    HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information.