CVE-2023-45723

Path Traversal which allows file upload capability affects DRYiCE MyXalytics

CVSS 7.6 HIGH | EPSS 1.0% | CWE-22

In short

DRYiCE MyXalytics has a vulnerability that lets attackers upload files to unintended locations on the server by manipulating file paths. This allows them to potentially overwrite important files or execute malicious code.

Technical detail

A path traversal flaw in DRYiCE MyXalytics file upload endpoints permits unauthenticated or authenticated users to specify arbitrary file paths during upload operations, enabling placement of files outside intended directories. The vulnerability stems from insufficient input validation on file path parameters, potentially leading to remote code execution or unauthorized file system access.

Summary generated and translated by AI from the official description.
HCL DRYiCE MyXalytics is impacted by a path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
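
The validation the description says is missing, sketched as an added example (not code from the advisory or from the product): a naive join of a client-supplied path beside a check that accepts only a bare file name and proves the result stays under the upload root. `UPLOAD_ROOT`, the extension allow-list and both function names are assumptions made for illustration.

```python
import os
from pathlib import Path, PureWindowsPath

# Assumed values for illustration; not taken from the product.
UPLOAD_ROOT = Path("/srv/app/uploads")
ALLOWED_EXTENSIONS = {".csv", ".png", ".pdf"}


class UnsafeUploadPath(ValueError):
    """The client-supplied name is not a plain file name inside the root."""


def naive_destination(root: Path, client_path: str) -> Path:
    """Flawed pattern: the client-controlled path is joined as-is."""
    return Path(os.path.normpath(os.path.join(root, client_path)))


def safe_destination(root: Path, client_path: str) -> Path:
    """Accept a bare file name only, then prove it resolves under root."""
    if "\x00" in client_path:
        raise UnsafeUploadPath("NUL byte in name")
    # PureWindowsPath treats '/', '\\' and drive prefixes as path syntax,
    # so anything other than a bare name changes when reduced to .name.
    name = PureWindowsPath(client_path).name
    if name in ("", ".", "..") or name != client_path:
        raise UnsafeUploadPath("directory components in name")
    if Path(name).suffix.lower() not in ALLOWED_EXTENSIONS:
        raise UnsafeUploadPath("extension not on allow-list")
    root_resolved = root.resolve()
    # resolve() follows symlinks, so a link planted in the root is caught too.
    dest = (root_resolved / name).resolve()
    if root_resolved not in dest.parents:
        raise UnsafeUploadPath("destination outside upload root")
    return dest


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["report.csv", "../../config/settings.csv",
                      "..\\web\\page.csv", "/tmp/abs.csv", "page.aspx"]:
        print(repr(candidate), "naive ->", naive_destination(UPLOAD_ROOT, candidate))
        try:
            print("   safe  ->", safe_destination(UPLOAD_ROOT, candidate))
        except UnsafeUploadPath as exc:
            print("   safe  -> rejected:", exc)
```

Rejecting names that contain directory syntax, rather than silently stripping it, also leaves a log event that detection can key on.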
