CVE-2023-50341 - Vulnerability Details - OpenCVE

HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00066.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hcltech	Dryice Myxalytics

Configuration 1 [-]

OR	cpe:2.3:a:hcltech:dryice_myxalytics:5.9:::::::*
	cpe:2.3:a:hcltech:dryice_myxalytics:6.0:::::::*
	cpe:2.3:a:hcltech:dryice_myxalytics:6.1:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-55142	HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608

History

Wed, 18 Jun 2025 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-284
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2024-01-03T02:42:20.178Z

Updated: 2025-06-18T15:30:37.179Z

Reserved: 2023-12-07T03:55:55.604Z

Link: CVE-2023-50341

Vulnrichment

Updated: 2024-08-02T22:16:46.631Z

NVD

Status : Modified

Published: 2024-01-03T03:15:10.127

Modified: 2025-06-18T16:15:22.750

Link: CVE-2023-50341

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-50341", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2023-12-07T03:55:55.604Z", "datePublished": "2024-01-03T02:42:20.178Z", "dateUpdated": "2025-06-18T15:30:37.179Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DRYiCE MyXalytics", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "5.9, 6.0, 6.1"}]}], "datePublic": "2024-01-03T00:22:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a \"Missing Access Control\" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.<br>"}], "value": "HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a \"Missing Access Control\" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-01-03T02:42:20.178Z"}, "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Access Control affects DRYiCE MyXalytics", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:16:46.631Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-03T15:35:55.299815Z", "id": "CVE-2023-50341", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-18T15:30:37.179Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-50341", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2023-12-07T03:55:55.604Z", "datePublished": "2024-01-03T02:42:20.178Z", "dateUpdated": "2025-06-18T15:30:37.179Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DRYiCE MyXalytics", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "5.9, 6.0, 6.1"}]}], "datePublic": "2024-01-03T00:22:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a \"Missing Access Control\" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.<br>"}], "value": "HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a \"Missing Access Control\" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-01-03T02:42:20.178Z"}, "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Access Control affects DRYiCE MyXalytics", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:16:46.631Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-50341", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-03T15:35:55.299815Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-18T15:30:31.825Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "D13FF107-A7BD-4925-B5A2-B44983C3713B", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "F872BB54-B3D7-4C48-A8AB-893B566380E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "CF8533C9-FB63-45EE-8FD4-5C69CB19F362", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a \"Missing Access Control\" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.\n"}, {"lang": "es", "value": "HCL DRYiCE MyXalytics se ve afectado por una vulnerabilidad de control de acceso inadecuado (p\u00e1ginas web obsoletas). El descubrimiento de p\u00e1ginas web obsoletas y accesibles refleja una vulnerabilidad de \"Missing Access Control\", que podr\u00eda provocar la exposici\u00f3n inadvertida de informaci\u00f3n confidencial y/o la exposici\u00f3n de un endpoint vulnerable."}], "id": "CVE-2023-50341", "lastModified": "2025-06-18T16:15:22.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "psirt@hcl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-03T03:15:10.127", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}