CVE-2024-42181

Low

Published: 12 January 2025

Published

12 January 2025

Modified

16 May 2025

KEV Added

—

Patch

—

CVSS Score 1.6 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS Score 0.0010 26.8th percentile

Risk Priority 3 60% EPSS · 20% KEV · 20% CVSS

Description

HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability. The application transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Security Summary

CVE-2024-42181 is a cleartext transmission of sensitive information vulnerability (CWE-319) affecting HCL MyXalytics. The application transmits sensitive or security-critical data in cleartext over a communication channel that can be sniffed by unauthorized actors. This issue was published on 2025-01-12 and carries a CVSS v3.1 base score of 1.6 (AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N), indicating low severity due to its restrictive requirements.

Exploitation requires physical access (AV:P) to the system, high attack complexity (AC:H), and high privileges (PR:H), with no user interaction needed (UI:N). Successful attackers can achieve low-impact confidentiality disclosure (C:L), such as sniffing sensitive data transmitted in cleartext, but with no impact on integrity or availability and unchanged scope (S:U).

The HCL support knowledge base article at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149 provides further details on this vulnerability, including potential mitigation guidance.

Details

CWE(s): CWE-319

Affected Products

hcltech

dryice myxalytics

6.3

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149
Vendor Advisory · psirt@hcl.com