CVE-2023-50344 - OpenCVE

HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hcltech	Dryice Myxalytics

Configuration 1 [-]

OR	cpe:2.3:a:hcltech:dryice_myxalytics:5.9:::::::*
	cpe:2.3:a:hcltech:dryice_myxalytics:6.0:::::::*
	cpe:2.3:a:hcltech:dryice_myxalytics:6.1:::::::*

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: HCL

Published: 2024-01-03T02:25:23.360Z

Updated: 2024-01-03T02:25:23.360Z

Reserved: 2023-12-07T03:55:55.604Z

Link: CVE-2023-50344

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-03T03:15:11.373

Modified: 2024-01-09T17:51:58.343

Link: CVE-2023-50344

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "D13FF107-A7BD-4925-B5A2-B44983C3713B", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "F872BB54-B3D7-4C48-A8AB-893B566380E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "CF8533C9-FB63-45EE-8FD4-5C69CB19F362", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.\n"}, {"lang": "es", "value": "HCL DRYiCE MyXalytics se ve afectado por una vulnerabilidad de control de acceso inadecuado (descarga de archivos no autenticados). Un usuario no autenticado puede descargar ciertos archivos."}], "id": "CVE-2023-50344", "lastModified": "2024-01-09T17:51:58.343", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2024-01-03T03:15:11.373", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}