Cyber Resilience

CVE-2024-42181

Severity: Low

Published: 12 January 2025
Modified: 16 May 2025
CVSS v3.1 Score: 1.6 (CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0013 (33.0th percentile)
Risk Priority: 3 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-42181 is a low-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Hcltech Dryice Myxalytics. Its CVSS base score is 1.6 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040). The CVE ranks at the 33.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2024-42181 is a cleartext transmission of sensitive information vulnerability (CWE-319) affecting HCL MyXalytics. The application transmits sensitive or security-critical data in cleartext over a communication channel that can be sniffed by unauthorized actors. This issue was published on 2025-01-12 and carries a CVSS v3.1 base score of 1.6 (AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N), indicating low severity due to its restrictive requirements.

Exploitation requires physical access (AV:P) to the system, high attack complexity (AC:H), and high privileges (PR:H), with no user interaction needed (UI:N). A successful attacker gains a low-impact confidentiality disclosure (C:L), such as sniffing sensitive data transmitted in cleartext, with no impact on integrity or availability and with unchanged scope (S:U).

The HCL support knowledge base article at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149 provides further details on this vulnerability, including potential mitigation guidance.

Vulnerability details

HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability. The application transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1040 Network Sniffing (Credential Access)
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
Why these techniques?

Cleartext transmission (CWE-319) directly enables network sniffing to capture sensitive data in transit.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-42180 (same product: Hcltech Dryice Myxalytics)
CVE-2024-42169 (same product: Hcltech Dryice Myxalytics)
CVE-2024-42175 (same product: Hcltech Dryice Myxalytics)
CVE-2024-42172 (same product: Hcltech Dryice Myxalytics)
CVE-2024-42168 (same product: Hcltech Dryice Myxalytics)
CVE-2024-42176 (same product: Hcltech Dryice Myxalytics)
CVE-2026-23661 (shared CWE-319)
CVE-2025-70048 (shared CWE-319)
CVE-2024-43187 (shared CWE-319)
CVE-2025-0556 (shared CWE-319)

Affected Assets

Vendor: hcltech
Product: dryice myxalytics
Version: 6.3

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: SC-8 requires protecting the confidentiality of transmitted information, directly preventing sniffing of cleartext sensitive data in the communication channel.

Prevent: SC-13 mandates cryptographic mechanisms to prevent unauthorized disclosure of information during transmission, comprehensively addressing the cleartext vulnerability.

Prevent: PE-4 controls physical access to transmission media, mitigating the physical access vector required to sniff the cleartext communications.
