CVE-2023-50343

HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*

History

18 Jun 2025, 16:15

Type Values Removed Values Added
CWE CWE-284

21 Nov 2024, 08:36

Type Values Removed Values Added
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 - Vendor Advisory () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 - Vendor Advisory
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 8.3

09 Jan 2024, 17:58

Type Values Removed Values Added
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 - () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 - Vendor Advisory
CWE NVD-CWE-Other
CVSS v2 : unknown
v3 : 8.3
v2 : unknown
v3 : 6.5
First Time Hcltech
Hcltech dryice Myxalytics
CPE cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*

03 Jan 2024, 13:48

Type Values Removed Values Added
Summary
  • (es) HCL DRYiCE MyXalytics se ve afectado por una vulnerabilidad de control de acceso inadecuado (API del controlador). Ciertos endpoint de API son accesibles para los usuarios administradores de clientes que pueden permitir el acceso a información confidencial sobre otros usuarios.

03 Jan 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-03 03:15

Updated : 2025-06-18 16:15


NVD link : CVE-2023-50343

Mitre link : CVE-2023-50343

CVE.ORG link : CVE-2023-50343


JSON object : View

Products Affected

hcltech

  • dryice_myxalytics
CWE
NVD-CWE-Other CWE-284

Improper Access Control