Cyber Resilience

CVE-2024-42175

Severity: Low

Published: 11 January 2025
Modified: 16 May 2025
KEV Added: not listed
CVSS Score v3.1: 2.6 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
EPSS Score: 0.0018 (39.4th percentile)
Risk Priority: 5 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-42175 is a low-severity Improper Input Validation (CWE-20) vulnerability in Hcltech Dryice Myxalytics. Its CVSS base score is 2.6 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 39.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-9 (Information Input Restrictions).

Deeper analysis

CVE-2024-42175 is a weak input validation vulnerability in HCL MyXalytics. The application does not properly validate its inputs: it accepts special characters and imposes no length limit, which can enable downstream issues such as SQL injection, cross-site scripting (XSS), and buffer overflows. The flaw is classified under CWE-20 (Improper Input Validation), with an additional NVD-CWE-noinfo mapping, and carries a low CVSS v3.1 base score of 2.6.

Exploitation requires network access (AV:N), high attack complexity (AC:H), low privileges (PR:L), and user interaction (UI:R), with no impact on confidentiality or availability (C:N/A:N), low integrity impact (I:L), and unchanged scope (S:U). A low-privileged authenticated attacker could exploit this by submitting crafted input that another user is tricked into interacting with, leading to the limited data manipulation reflected in the scored impacts; the injection and overflow classes listed in the advisory are the potential downstream vectors.

Mitigation details are available in the HCL Software support knowledge base article at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149. Security practitioners should consult this advisory for patching instructions or workarounds specific to affected HCL MyXalytics deployments.

Vulnerability details

HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Weak input validation enables injection attacks (SQLi/XSS) against the public-facing web app, directly mapping to exploitation of remote services/applications.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-42168: same product (Hcltech Dryice Myxalytics)
CVE-2024-42172: same product (Hcltech Dryice Myxalytics)
CVE-2024-42169: same product (Hcltech Dryice Myxalytics)
CVE-2024-42180: same product (Hcltech Dryice Myxalytics)
CVE-2024-42181: same product (Hcltech Dryice Myxalytics)
CVE-2024-42176: same product (Hcltech Dryice Myxalytics)
CVE-2025-55270: same vendor (Hcltech)
CVE-2025-55271: same vendor (Hcltech)
CVE-2025-62319: same vendor (Hcltech)
CVE-2025-31958: same vendor (Hcltech)

Affected Assets

Vendor: hcltech
Product: dryice myxalytics
Version: 6.3

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly addresses the improper input validation by requiring checks for special characters and length limits to prevent SQL injection, XSS, and buffer overflows.

SI-9 Information Input Restrictions (prevent): Enforces input restrictions such as maximum length and allowed characters at system boundaries, mitigating the lack of length validation and special character acceptance.

Output filtering (prevent): Provides output filtering to mitigate XSS risks arising from unsanitized inputs containing special characters.
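The three controls above, and the weakness described under "Deeper analysis", can be shown concretely. The following is an added illustration written for this page, not code from HCL MyXalytics or from the advisory; it assumes a hypothetical free-text "report name" field (the advisory names no specific parameter) and uses constructed sample rows and inputs. It enforces a length cap and character allowlist at the boundary (SI-9/SI-10), binds the value as a query parameter so quote characters cannot change the SQL, and encodes the value on output for an HTML context.

```python
import html
import re
import sqlite3

# Constructed policy for one free-text field (hypothetical; the advisory names
# no parameter): a hard length cap (SI-9 style boundary restriction) and a
# character allowlist (SI-10 style validation). Reject, do not "clean up".
MAX_LEN = 64
ALLOWED = re.compile(r"[A-Za-z0-9 ._-]+")


def classify_input(value: str) -> str:
    """Return 'accepted' or 'rejected: <reason>' for a submitted field value."""
    if not isinstance(value, str):
        return "rejected: not a string"
    if not 1 <= len(value) <= MAX_LEN:
        return f"rejected: length {len(value)} outside 1..{MAX_LEN}"
    if not ALLOWED.fullmatch(value):
        return "rejected: character outside allowlist"
    return "accepted"


def demo_db() -> sqlite3.Connection:
    """In-memory table with two constructed rows standing in for app data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reports (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO reports (name) VALUES (?)",
                     [("Q1 capacity",), ("SLA summary",)])
    return conn


def find_reports(conn: sqlite3.Connection, name: str) -> list:
    """Parameterised lookup: the driver binds `name` as data, so a quote
    character in it cannot alter the statement even if validation were bypassed."""
    return conn.execute(
        "SELECT id, name FROM reports WHERE name = ?", (name,)).fetchall()


def render_name(name: str) -> str:
    """Output filtering for an HTML context: encode on the way out."""
    return html.escape(name, quote=True)


if __name__ == "__main__":
    conn = demo_db()
    for sample in ["Q1 capacity", "x" * 200, "a' OR '1'='1", "<b>bold</b>"]:
        print(f"{sample[:20]!r:24} {classify_input(sample)}")
        # Defence in depth: even an unvalidated value is inert here.
        print("   rows:", find_reports(conn, sample), "html:", render_name(sample))
```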