Cyber Resilience

CVE-2024-42180

Low

Published: 12 January 2025
Modified: 16 May 2025
KEV Added:
Patch:
CVSS Score v3.1: 1.6 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N)
EPSS Score: 0.0017 (38.2th percentile)
Risk Priority: 3 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-42180 is a low-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Hcltech Dryice Myxalytics. Its CVSS base score is 1.6 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003). The CVE ranks at the 38.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection).

Deeper analysis

CVE-2024-42180 is a malicious file upload vulnerability in HCL MyXalytics. The application accepts invalid file uploads, including those with incorrect content types, double extensions, null bytes, and special characters. This flaw enables attackers to upload and execute malicious files, corresponding to CWE-434 (Unrestricted Upload of File with Dangerous Type). The vulnerability has a low CVSS v3.1 base score of 1.6.

Exploitation requires physical access (AV:P), high attack complexity (AC:H), high privileges (PR:H), and user interaction (UI:R), with no impact on confidentiality or availability and only low integrity impact (I:L). Attackers with these prerequisites, such as privileged insiders with physical proximity, can trick users into processing malicious uploads, potentially leading to unauthorized file execution and limited integrity compromise within the unchanged scope (S:U).

HCL has published a knowledge base article addressing the vulnerability: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149.

Vulnerability details

HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files.

CWE(s)

CWE-434: Unrestricted Upload of File with Dangerous Type

Related Threats

MITRE ATT&CK Enterprise Techniques

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
T1036.007 Double File Extension (Stealth)
Adversaries may abuse a double extension in the filename as a means of masquerading the true file type.
Why these techniques?

Unrestricted file upload (CWE-434) with double extensions directly enables web shell deployment (T1505.003) and masquerading via double extensions (T1036.007) for execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-42169 (Same product: Hcltech Dryice Myxalytics)
CVE-2024-42168 (Same product: Hcltech Dryice Myxalytics)
CVE-2024-42181 (Same product: Hcltech Dryice Myxalytics)
CVE-2024-42175 (Same product: Hcltech Dryice Myxalytics)
CVE-2024-42172 (Same product: Hcltech Dryice Myxalytics)
CVE-2024-42176 (Same product: Hcltech Dryice Myxalytics)
CVE-2025-55267 (Same vendor: Hcltech)
CVE-2025-55251 (Same vendor: Hcltech)
CVE-2025-52660 (Same vendor: Hcltech)
CVE-2025-55261 (Same vendor: Hcltech)

Affected Assets

hcltech
dryice myxalytics
6.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

SI-10 directly enforces validation of file uploads to reject invalid content types, double extensions, null bytes, and special characters, preventing unrestricted upload of dangerous files.

prevent, detect

SI-3 deploys malicious code protection at entry points to scan and eradicate malicious files before execution, mitigating the risk of uploaded dangerous files.

prevent

SI-9 restricts information inputs at boundaries to only permitted file types and handles invalid inputs, addressing aspects of unrestricted uploads.
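
An added example (not HCL's code and not part of the original page) of the SI-10 style input validation described above, rejecting the four input classes the advisory lists: mismatched content types, double extensions, null bytes, and special characters. The function name `validate_upload`, the allowlist, and the sample uploads are assumptions constructed for illustration.

```python
import re

# Assumed allowlist: extension -> (expected Content-Type, leading magic bytes).
# The page does not say which types MyXalytics accepts; these are illustrative.
ALLOWED = {
    "pdf": ("application/pdf", b"%PDF-"),
    "png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    "csv": ("text/csv", None),  # plain text, no signature to check
}
# One base name, exactly one dot, one extension; nothing else is permitted.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.[A-Za-z0-9]{1,8}")


def validate_upload(filename, content_type, data):
    """Return a list of rejection reasons; an empty list means accept."""
    reasons = []
    if "\x00" in filename or "%00" in filename:
        reasons.append("null byte in filename")
    if filename.count(".") > 1:
        reasons.append("multiple extensions")
    if not SAFE_NAME.fullmatch(filename):
        reasons.append("filename outside safe character set")
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    rule = ALLOWED.get(ext)
    if rule is None:
        reasons.append("extension not on allowlist")
        return reasons
    expected_type, magic = rule
    # Compare the client-declared type, ignoring parameters such as charset.
    if content_type.split(";")[0].strip().lower() != expected_type:
        reasons.append("declared content type does not match extension")
    # The declared type is client-controlled, so also check the bytes.
    if magic is not None and not data.startswith(magic):
        reasons.append("file signature does not match extension")
    if magic is None and b"\x00" in data:
        reasons.append("binary data in text upload")
    return reasons


# Constructed sample uploads (not taken from any real incident).
SAMPLES = [
    ("report.pdf", "application/pdf", b"%PDF-1.7\n..."),
    ("report.php.pdf", "application/pdf", b"%PDF-1.7\n..."),
    ("shell.php\x00.png", "image/png", b"\x89PNG\r\n\x1a\n"),
    ("chart.png", "image/png", b"<?php echo 1; ?>"),
    ("../data;x.csv", "text/csv", b"a,b\n1,2\n"),
    ("export.csv", "application/x-php", b"a,b\n1,2\n"),
]

if __name__ == "__main__":
    for name, ctype, body in SAMPLES:
        print(repr(name), validate_upload(name, ctype, body) or "accepted")
```

Validation of this kind is normally paired with storing accepted files under a server-generated name in a location the web server does not execute from, so a file that slips through cannot run.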
