Improper access control

2024-01-0303:15:00

PRIOn knowledge base

www.prio-n.com

hcl dryice myxalytics

improper access control

controller apis

customer admin users

sensitive information

6.7 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.1%

JSON

HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.

CPENameOperatorVersion
dryice_myxalyticseq6.1
dryice_myxalyticseq5.9
dryice_myxalyticseq6.0

Name	Operator	Version
dryice_myxalytics	eq	6.1
dryice_myxalytics	eq	5.9
dryice_myxalytics	eq	6.0

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608