CVE-2023-50343

HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hcltech:dryice_myxalytics:5.9:::::::*
	cpe:2.3:a:hcltech:dryice_myxalytics:6.0:::::::*
	cpe:2.3:a:hcltech:dryice_myxalytics:6.1:::::::*

History

09 Jan 2024, 17:58

Type	Values Removed	Values Added
CWE		NVD-CWE-Other
CPE		cpe:2.3:a:hcltech:dryice_myxalytics:6.1:::::::* cpe:2.3:a:hcltech:dryice_myxalytics:6.0:::::::* cpe:2.3:a:hcltech:dryice_myxalytics:5.9:::::::*
First Time		Hcltech Hcltech dryice Myxalytics
CVSS	v2 : ~~unknown~~ v3 : ~~8.3~~	v2 : unknown v3 : 6.5
References	~~() https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 -~~	() https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 - Vendor Advisory

03 Jan 2024, 13:48

Type	Values Removed	Values Added
Summary		(es) HCL DRYiCE MyXalytics se ve afectado por una vulnerabilidad de control de acceso inadecuado (API del controlador). Ciertos endpoint de API son accesibles para los usuarios administradores de clientes que pueden permitir el acceso a información confidencial sobre otros usuarios.

03 Jan 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-03 03:15

Updated : 2024-01-09 17:58

NVD link : CVE-2023-50343

Mitre link : CVE-2023-50343

CVE.ORG link : CVE-2023-50343

JSON object : View

Products Affected

hcltech

dryice_myxalytics

CWE

NVD-CWE-Other

{"id": "CVE-2023-50343", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.8}]}, "published": "2024-01-03T03:15:11.210", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.\n"}, {"lang": "es", "value": "HCL DRYiCE MyXalytics se ve afectado por una vulnerabilidad de control de acceso inadecuado (API del controlador). Ciertos endpoint de API son accesibles para los usuarios administradores de clientes que pueden permitir el acceso a informaci\u00f3n confidencial sobre otros usuarios."}], "lastModified": "2024-01-09T17:58:38.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D13FF107-A7BD-4925-B5A2-B44983C3713B"}, {"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F872BB54-B3D7-4C48-A8AB-893B566380E6"}, {"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF8533C9-FB63-45EE-8FD4-5C69CB19F362"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}