CVE-2023-50350

HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hcltech:dryice_myxalytics:5.9:::::::*
	cpe:2.3:a:hcltech:dryice_myxalytics:6.0:::::::*
	cpe:2.3:a:hcltech:dryice_myxalytics:6.1:::::::*

History

09 Jan 2024, 19:44

Type	Values Removed	Values Added
CPE		cpe:2.3:a:hcltech:dryice_myxalytics:6.1:::::::* cpe:2.3:a:hcltech:dryice_myxalytics:6.0:::::::* cpe:2.3:a:hcltech:dryice_myxalytics:5.9:::::::*
First Time		Hcltech Hcltech dryice Myxalytics
References	~~() https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 -~~	() https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 - Vendor Advisory
CWE		CWE-327
CVSS	v2 : ~~unknown~~ v3 : ~~8.2~~	v2 : unknown v3 : 7.5

03 Jan 2024, 13:48

Type	Values Removed	Values Added
Summary		(es) HCL DRYiCE MyXalytics se ve afectado por el uso de un algoritmo criptográfico roto para el cifrado, lo que potencialmente brinda al atacante la capacidad de descifrar información confidencial.

03 Jan 2024, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-03 02:15

Updated : 2024-01-09 19:44

NVD link : CVE-2023-50350

Mitre link : CVE-2023-50350

CVE.ORG link : CVE-2023-50350

JSON object : View

Products Affected

hcltech

dryice_myxalytics

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

{"id": "CVE-2023-50350", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2024-01-03T02:15:44.227", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information. \n"}, {"lang": "es", "value": "HCL DRYiCE MyXalytics se ve afectado por el uso de un algoritmo criptogr\u00e1fico roto para el cifrado, lo que potencialmente brinda al atacante la capacidad de descifrar informaci\u00f3n confidencial."}], "lastModified": "2024-01-09T19:44:18.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D13FF107-A7BD-4925-B5A2-B44983C3713B"}, {"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F872BB54-B3D7-4C48-A8AB-893B566380E6"}, {"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF8533C9-FB63-45EE-8FD4-5C69CB19F362"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}