Cyber Posture

CVE-2024-42176

Low

Published: 19 March 2025

Modified: 16 May 2025
KEV Added
Patch
CVSS Score: 2.6 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)
EPSS Score: 0.0016 (37.0th percentile)
Risk Priority: 5 (60% EPSS · 20% KEV · 20% CVSS)

Description

HCL MyXalytics is affected by a concurrent login vulnerability. A concurrent login vulnerability occurs when simultaneous active sessions are allowed for a single credential, allowing an attacker to potentially obtain access to a user's account or sensitive information.

Security Summary

CVE-2024-42176 is a concurrent login vulnerability in HCL MyXalytics, where the software permits simultaneous active sessions for a single set of credentials. This flaw, classified under CWE-307 (Improper Restriction of Excessive Authentication Attempts), enables potential unauthorized access to a user's account or sensitive information. The vulnerability received a CVSS v3.1 base score of 2.6 (AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N), indicating low severity with network accessibility but high attack complexity, requirement for low-privilege access, and user interaction.

An attacker with low privileges (PR:L) could exploit this over the network (AV:N), though it demands high complexity (AC:H) and user interaction (UI:R), such as tricking the user into concurrent login actions. Successful exploitation would grant limited confidentiality impact (C:L), allowing the attacker to potentially access the user's account or sensitive data without affecting integrity or availability.

Mitigation details are outlined in the HCL Software advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119919.

Details

CWE(s): CWE-307

Affected Products

Vendor: hcltech
Product: dryice myxalytics
Versions: 6.3, 6.4

MITRE ATT&CK Enterprise Techniques

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0
