Lucene search

[email protected]NVD:CVE-2023-50343

HistoryJan 03, 2024 - 3:15 a.m.

CVE-2023-50343

2024-01-0303:15:11

[email protected]

web.nvd.nist.gov

hcl dryice myxalytics

improper access control

controller apis

customer admin users

sensitive information

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

18.1%

JSON

HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.

Affected configurations

Nvd

Node

hcltechdryice_myxalyticsMatch5.9

hcltechdryice_myxalyticsMatch6.0

hcltechdryice_myxalyticsMatch6.1

VendorProductVersionCPE
hcltechdryice_myxalytics5.9cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*
hcltechdryice_myxalytics6.0cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*
hcltechdryice_myxalytics6.1cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hcltech	dryice_myxalytics	5.9	cpe:2.3:a:hcltech:dryice_myxalytics:5.9:::::::*
hcltech	dryice_myxalytics	6.0	cpe:2.3:a:hcltech:dryice_myxalytics:6.0:::::::*
hcltech	dryice_myxalytics	6.1	cpe:2.3:a:hcltech:dryice_myxalytics:6.1:::::::*

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

18.1%

JSON

Related for NVD:CVE-2023-50343

cve1 cvelist1 prion1