CVE-2024-42180: HCL MyXalytics is affected by a malicious file upload vulnerability

1.6 CVSS

Description

HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files.

Classification

CVE ID: CVE-2024-42180

CVSS Base Severity: LOW

CVSS Base Score: 1.6

Affected Products

Vendor: HCL Software

Product: DRYiCE MyXalytics

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.46% (scored less or equal to compared to others)

EPSS Date: 2025-02-10 (when was this score calculated)

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149

Timeline

2025-01-13 00:30:18 UTC
CVE

HCL MyXalytics is affected by a malicious file upload vulnerability