CVE-2024-42181

Low

Published: 12 January 2025

Published

12 January 2025

Modified

16 May 2025

KEV Added

—

Patch

—

CVSS Score 1.6 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS Score 0.0010 26.8th percentile

Risk Priority 3 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-42181 is a low-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Hcltech Dryice Myxalytics. Its CVSS base score is 1.6 (Low).

Operationally, ranked at the 26.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-8 Transmission Confidentiality and Integrity good match

prevent

SC-8 requires protecting the confidentiality of transmitted information, directly preventing sniffing of cleartext sensitive data in the communication channel.

SC-13 Cryptographic Protection good match

prevent

SC-13 mandates cryptographic mechanisms to prevent unauthorized disclosure of information during transmission, comprehensively addressing the cleartext vulnerability.

PE-4 Access Control for Transmission partial match

prevent

PE-4 controls physical access to transmission media, mitigating the physical access vector required to sniff the cleartext communications.

NVD Description

HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability. The application transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Deeper analysisAI

CVE-2024-42181 is a cleartext transmission of sensitive information vulnerability (CWE-319) affecting HCL MyXalytics. The application transmits sensitive or security-critical data in cleartext over a communication channel that can be sniffed by unauthorized actors. This issue was published on 2025-01-12 and carries a CVSS v3.1 base score of 1.6 (AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N), indicating low severity due to its restrictive requirements.

Exploitation requires physical access (AV:P) to the system, high attack complexity (AC:H), and high privileges (PR:H), with no user interaction needed (UI:N). Successful attackers can achieve low-impact confidentiality disclosure (C:L), such as sniffing sensitive data transmitted in cleartext, but with no impact on integrity or availability and unchanged scope (S:U).

The HCL support knowledge base article at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149 provides further details on this vulnerability, including potential mitigation guidance.

Details

CWE(s): CWE-319

Affected Products

hcltech

dryice myxalytics

6.3

CVEs Like This One

CVE-2024-42168Same product: Hcltech Dryice Myxalytics

CVE-2024-42175Same product: Hcltech Dryice Myxalytics

CVE-2024-42172Same product: Hcltech Dryice Myxalytics

CVE-2024-42176Same product: Hcltech Dryice Myxalytics

CVE-2024-42169Same product: Hcltech Dryice Myxalytics

CVE-2024-42180Same product: Hcltech Dryice Myxalytics

CVE-2025-52636Same vendor: Hcltech

CVE-2025-55267Same vendor: Hcltech

CVE-2024-30150Same vendor: Hcltech

CVE-2025-52626Same vendor: Hcltech

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149
Vendor Advisory · psirt@hcl.com