CVE-2023-45722
Path Traversal Arbitrary File Read affects DRYiCE MyXalytics
In short
DRYiCE MyXalytics has a flaw that allows attackers to read files anywhere on the server by manipulating file paths. An attacker can bypass protections and access sensitive data like passwords or configuration files.
Technical detail
Path traversal vulnerability (CWE-22) in DRYiCE MyXalytics, resulting from insufficient sanitization of user-supplied pathname input. An unauthenticated or authenticated attacker can place special characters in file path parameters to escape the intended directory restrictions and read arbitrary files on the system, potentially exposing credentials and system configuration.
Summary generated and translated by AI from the official description.
HCL DRYiCE MyXalytics is impacted by a path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application.
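The flawed pattern described above next to a hardened counterpart, as an added example; this is not DRYiCE MyXalytics code, which this page does not show. The base directory, function names and sample inputs are assumptions constructed for illustration.

```python
import os
from urllib.parse import unquote

BASE_DIR = "/srv/app/reports"  # hypothetical restricted parent directory


def naive_resolve(user_path, base=BASE_DIR):
    """Flawed pattern (CWE-22): joins input to the base and never checks the result."""
    return os.path.normpath(os.path.join(base, user_path))


def safe_resolve(user_path, base=BASE_DIR):
    """Return the canonical path if it stays under base, else raise ValueError."""
    # Assumption: input arrives raw, so percent-encoding is decoded once here.
    decoded = unquote(user_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    # Treat backslashes as separators so Windows-style input is handled on POSIX too.
    decoded = decoded.replace("\\", "/")
    base_real = os.path.realpath(base)
    # realpath collapses ".." and follows symlinks before the containment check,
    # so the comparison is made on the location the OS would actually open.
    candidate = os.path.realpath(os.path.join(base_real, decoded))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError("path escapes restricted directory")
    return candidate


def is_allowed(user_path, base=BASE_DIR):
    """Boolean wrapper around safe_resolve for use in request validation."""
    try:
        safe_resolve(user_path, base)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real request log.
    samples = ["q1/summary.csv", "a/../b.txt", "../../etc/passwd",
               "%2e%2e%2f%2e%2e%2fetc%2fpasswd", "/etc/passwd", "..\\..\\etc\\passwd"]
    for s in samples:
        print(f"{s!r:40} naive -> {naive_resolve(s):30} allowed={is_allowed(s)}")
```

The containment check runs on the canonicalized path, not on the raw string, so filtering for "../" alone is not relied on.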
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
HCL Software · DRYiCE MyXalytics