Today > 5 Critical | 36 High | 55 Medium | 1 Low vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-42173

Jan. 11, 2025, 7:15 a.m.

Tags

psirt@hcl.com
CWE-521
2025-01-11
CVE-2024-42173

CVSS Score

4.8 / 10

Product(s) Impacted

HCL MyXalytics

Description

HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known.

Weaknesses

CWE-521
Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

CWE ID: 521

Date

Published: Jan. 11, 2025, 7:15 a.m.

Last Modified: Jan. 11, 2025, 7:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@hcl.com

CVSS Data

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score
4.8
Exploitability Score
1.2
Impact Score
3.6
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

References

https://support.hcl-software.com/ psirt@hcl.com