CVE-2023-50350

8.2 HIGH

📋 TL;DR

HCL DRYiCE MyXalytics uses a broken cryptographic algorithm for encryption, potentially allowing attackers to decrypt sensitive information. This affects organizations using vulnerable versions of the software, exposing encrypted data to unauthorized access.

💻 Affected Systems

Products:
  • HCL DRYiCE MyXalytics
Versions: Specific versions not detailed in CVE; refer to vendor advisory for exact range.
Operating Systems: Not specified; likely cross-platform as it's a software product.
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability stems from use of broken cryptographic algorithms in encryption, affecting any configuration using this feature.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers decrypt all encrypted sensitive data, leading to data breaches, compliance violations, and reputational damage.

🟠 Likely Case

Attackers decrypt specific encrypted data, such as credentials or personal information, for exploitation or sale.

🟢 If Mitigated

With proper controls like network segmentation and monitoring, impact is limited to isolated systems with minimal data exposure.

🌐 Internet-Facing: HIGH if exposed to the internet, as attackers can remotely exploit the vulnerability to access encrypted data.
🏢 Internal Only: MEDIUM if only internal, as insider threats or compromised accounts could exploit it, but external access is restricted.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires knowledge of the broken algorithm and access to encrypted data; no public exploits confirmed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to vendor advisory for specific patched versions.

Vendor Advisory: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608

Restart Required: Yes

Instructions:

1. Review vendor advisory for patch details.
2. Download and apply the patch from HCL support.
3. Restart the MyXalytics service to implement changes.

🔧 Temporary Workarounds

Disable vulnerable encryption features (all platforms)

Temporarily disable or reconfigure encryption to use secure algorithms if supported.

Specific commands not provided; consult product documentation for configuration changes.

🧯 If You Can't Patch

  • Isolate affected systems from untrusted networks to limit access.
  • Implement strict access controls and monitoring for unusual decryption activities.

🔍 How to Verify

Check if Vulnerable:

Check the software version against the vendor advisory; if using a vulnerable version, assume vulnerability.

Check Version:

Consult HCL DRYiCE MyXalytics documentation for version check commands; typically via admin interface or configuration files.

Verify Fix Applied:

Verify the installed version matches the patched version listed in the vendor advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual decryption attempts or errors in encryption logs.

Network Indicators:

  • Suspicious traffic patterns to encryption endpoints.

SIEM Query:

Example: 'event_source:"MyXalytics" AND event_type:"encryption_error"'
