Lucene search

HCLCVELIST:CVE-2023-50343

HistoryJan 03, 2024 - 2:37 a.m.

CVE-2023-50343 Improper Access Control (Controller APIs) affects DRYiCE MyXalytics

2024-01-0302:37:22

HCL

www.cve.org

cve-2023-50343

controller apis

dryice myxalytics

customer admin users

sensitive information

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

18.1%

JSON

HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DRYiCE MyXalytics",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "5.9, 6.0, 6.1"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

18.1%

JSON

Related for CVELIST:CVE-2023-50343