CVE-2024-42175
Published: 11 January 2025
Description
HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow.
Security Summary
CVE-2024-42175 is a weak input validation vulnerability in HCL MyXalytics. The application fails to properly sanitize inputs, accepting special characters without length restrictions, which can enable downstream issues such as SQL injection, cross-site scripting (XSS), and buffer overflows. This flaw is classified under CWE-20 (Improper Input Validation) with an additional NVD-CWE-noinfo mapping, and it carries a low CVSS v3.1 base score of 2.6.
Exploitation requires network access (AV:N), high attack complexity (AC:H), low privileges (PR:L), and user interaction (UI:R), with no impact on confidentiality or availability (C:N/A:N), low integrity impact (I:L), and unchanged scope (S:U). In practice, a low-privileged authenticated attacker would supply crafted input that another user must then interact with; the scored outcome is limited data manipulation (integrity only), while SQL injection, XSS, and buffer overflow are the downstream vulnerability classes that the missing character and length validation leaves open.
Mitigation details are available in the HCL Software support knowledge base article at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149. Security practitioners should consult this advisory for patching instructions or workarounds specific to affected HCL MyXalytics deployments.
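The root cause described above is CWE-20: inputs are accepted without a character allowlist or a length limit. The following is an added illustration of the two controls that close that gap, plus the parameterized query that should still sit behind them; it is example code written for this page, not HCL MyXalytics code, and the field names, length limits, and allowlists are hypothetical.

```python
import re
import sqlite3

# Hypothetical per-field rules (constructed for this example, not taken from
# MyXalytics): maximum length and an allowlist regex for each accepted field.
FIELD_RULES = {
    "username":    (32, re.compile(r"[A-Za-z0-9_.-]+")),
    "report_name": (64, re.compile(r"[A-Za-z0-9 _-]+")),
    "page":        (4,  re.compile(r"[0-9]+")),
}

def validate_field(name, value):
    """Return (ok, reason). Rejects unknown fields, non-string values,
    over-long input, and any character outside the field's allowlist."""
    if name not in FIELD_RULES:
        return False, "unknown field"
    if not isinstance(value, str):
        return False, "not a string"
    max_len, pattern = FIELD_RULES[name]
    if len(value) > max_len:              # the missing length check
        return False, f"exceeds {max_len} characters"
    if not pattern.fullmatch(value):      # the missing special-character check
        return False, "contains characters outside allowlist"
    return True, "ok"

def validate_form(form):
    """Validate every submitted field; map each failing field to its reason."""
    return {k: r for k, v in form.items()
            for ok, r in [validate_field(k, v)] if not ok}

def find_reports(conn, owner):
    """Second layer: even validated input is never interpolated into SQL."""
    ok, reason = validate_field("username", owner)
    if not ok:
        raise ValueError(f"rejected owner: {reason}")
    cur = conn.execute("SELECT name FROM reports WHERE owner = ?", (owner,))
    return [row[0] for row in cur.fetchall()]

def demo_conn():
    """In-memory table with constructed sample rows for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reports (owner TEXT, name TEXT)")
    conn.executemany("INSERT INTO reports VALUES (?, ?)",
                     [("alice", "Q1 sales"), ("bob", "Churn model")])
    return conn
```

The allowlist is deliberately narrow; widening it for a field that genuinely needs punctuation should be a per-field decision, never a global one.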
Details
- CWE(s)