Cyber Posture

CVE-2024-42175

Low

Published: 11 January 2025

Modified: 16 May 2025
KEV Added
Patch
CVSS Score: 2.6 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
EPSS Score: 0.0018 (39.2th percentile)
Risk Priority: 5 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-42175 is a low-severity Improper Input Validation (CWE-20) vulnerability in HCL DRYiCE MyXalytics. Its CVSS base score is 2.6 (Low).

Operationally, it is ranked at the 39.2th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-9 (Information Input Restrictions).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: Directly addresses the improper input validation by requiring checks for special characters and length limits to prevent SQL injection, XSS, and buffer overflows.

Prevent: Enforces input restrictions such as maximum length and allowed characters at system boundaries, mitigating the lack of length validation and special character acceptance.

Prevent: Provides output filtering to mitigate XSS risks arising from unsanitized inputs containing special characters.

NVD Description

HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow.

Deeper analysis [AI]

CVE-2024-42175 is a weak input validation vulnerability in HCL MyXalytics. The application fails to properly sanitize inputs, accepting special characters without length restrictions, which can enable downstream issues such as SQL injection, cross-site scripting (XSS), and buffer overflows. This flaw is classified under CWE-20 (Improper Input Validation) with additional NVD-CWE-noinfo mapping, and it carries a low CVSS v3.1 base score of 2.6.

Exploitation requires network access (AV:N), high attack complexity (AC:H), low privileges (PR:L), and user interaction (UI:R), with no impact on confidentiality or availability (C:N/A:N) but low integrity impact (I:L) and unchanged scope (S:U). A low-privileged authenticated attacker could potentially leverage this by crafting malicious inputs that trick another user into interacting with them, leading to limited data manipulation consistent with the scored impacts and potential for the listed injection or overflow vectors.

Mitigation details are available in the HCL Software support knowledge base article at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149. Security practitioners should consult this advisory for patching instructions or workarounds specific to affected HCL MyXalytics deployments.

Details

CWE(s)

Affected Products

hcltech dryice myxalytics 6.3

CVEs Like This One

CVE-2024-42176: Same product (Hcltech Dryice Myxalytics)
CVE-2024-42180: Same product (Hcltech Dryice Myxalytics)
CVE-2024-42172: Same product (Hcltech Dryice Myxalytics)
CVE-2024-42169: Same product (Hcltech Dryice Myxalytics)
CVE-2024-42168: Same product (Hcltech Dryice Myxalytics)
CVE-2024-42181: Same product (Hcltech Dryice Myxalytics)
CVE-2025-55270: Same vendor (Hcltech)
CVE-2025-52631: Same vendor (Hcltech)
CVE-2025-52626: Same vendor (Hcltech)
CVE-2025-55261: Same vendor (Hcltech)
