CVE-2024-42173

HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hcltech:dryice_myxalytics:6.3:*:*:*:*:*:*:*

History

16 May 2025, 13:47

Type	Values Removed	Values Added
First Time		Hcltech Hcltech dryice Myxalytics
Summary		(es) HCL MyXalytics se ve afectado por una vulnerabilidad de implementación de política de contraseñas incorrecta. Las contraseñas débiles y la falta de políticas de bloqueo de cuentas permiten a los atacantes adivinar o forzar las contraseñas si se conoce el nombre de usuario.
References	~~() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149 -~~	() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149 - Vendor Advisory
CPE		cpe:2.3:a:hcltech:dryice_myxalytics:6.3:::::::*

11 Jan 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-11 07:15

Updated : 2025-05-16 13:47

NVD link : CVE-2024-42173

Mitre link : CVE-2024-42173

CVE.ORG link : CVE-2024-42173

JSON object : View

Products Affected

hcltech

dryice_myxalytics

CWE

CWE-521

Weak Password Requirements

{"id": "CVE-2024-42173", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2025-01-11T07:15:08.927", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-521"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known."}, {"lang": "es", "value": "HCL MyXalytics se ve afectado por una vulnerabilidad de implementaci\u00f3n de pol\u00edtica de contrase\u00f1as incorrecta. Las contrase\u00f1as d\u00e9biles y la falta de pol\u00edticas de bloqueo de cuentas permiten a los atacantes adivinar o forzar las contrase\u00f1as si se conoce el nombre de usuario."}], "lastModified": "2025-05-16T13:47:55.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C92689D-384F-41F5-9E28-517A968FAD9E"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}