CVE-2024-42168

8.9 HIGH

📋 TL;DR

HCL MyXalytics has an out-of-band resource load vulnerability (a server-side request forgery class of bug): an attacker who can supply a URL to the affected functionality can host content on a server they control and make the application fetch it server-side and process the response. All installations running unpatched versions are affected. The impact depends on what the application does with the fetched content, ranging from data exposure to compromise of the host.

💻 Affected Systems

Products:
  • HCL MyXalytics
Versions: All versions prior to the fix
Operating Systems: All supported operating systems
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system takeover, if the application parses or executes the fetched content with a component that a malicious payload can exploit: remote code execution, data exfiltration, or installation of persistent backdoors.

🟠 Likely Case: Data leakage, unauthorized access to sensitive information, or limited manipulation of application behaviour through attacker-supplied content.

🟢 If Mitigated: Minimal impact where egress from the MyXalytics hosts is restricted to an allowlist and user-supplied URLs are validated before the server fetches them.

🌐 Internet-Facing: HIGH - Attackers can host malicious servers anywhere on the internet and induce the application to connect to them.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this by hosting malicious content on internal networks.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No (the attacker needs access to the functionality that performs the fetch)
Complexity: MEDIUM

Requires the attacker to control a web server (or any listener reachable from the MyXalytics host) and to get its URL into a request that the application fetches server-side.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to HCL advisory for specific patched versions

Vendor Advisory: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118149

Restart Required: No

Instructions:

1. Review HCL advisory KB0118149.
2. Download and apply the latest patch from HCL.
3. Verify the patch is applied correctly by confirming the running version matches a patched release listed in the advisory.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all

Restrict outbound HTTP and HTTPS connections from MyXalytics hosts to an allowlist of trusted destinations, preferably through an egress proxy that enforces the allowlist; block direct reachability to loopback, link-local (including the 169.254.169.254 cloud metadata address) and internal management networks.

Input Validation

Applies to: all

Validate every user-supplied URL or host that can trigger a server-side fetch: allow only the expected scheme, compare the host against an explicit allowlist rather than a denylist, resolve it and refuse private or link-local addresses, and do not follow redirects from the fetched resource.
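
The following is an added example of the allowlist check described under the Input Validation workaround; it is not HCL's or MyXalytics' code. The host names, the allowlist, the injectable resolver and the size cap are assumptions for illustration. It refuses non-HTTPS schemes, embedded credentials, hosts outside the allowlist, any host that resolves to a private, loopback or link-local address, and any redirect issued by the fetched resource.

```python
"""Added example, not HCL's or MyXalytics' code: an allowlist guard for
server-side fetches, i.e. the control the 'Input Validation' workaround asks
for. Host names, the allowlist and the resolver are assumptions."""
import ipaddress
import socket
import urllib.request
from urllib.parse import urlparse

# Assumed: the only external hosts the application legitimately fetches from.
ALLOWED_HOSTS = {"reports.example.internal", "api.example.com"}
ALLOWED_SCHEMES = {"https"}


class UnsafeURL(ValueError):
    """Raised when a URL fails the fetch policy."""


def _resolve(host):
    """Resolve a host to every address it maps to (injectable for tests)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def _is_public(ip_str):
    """True only for addresses outside private, loopback, link-local and
    other special ranges; 169.254.169.254 (cloud metadata) fails here."""
    ip = ipaddress.ip_address(ip_str)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_fetch_url(url, resolve=_resolve):
    """Return (host, resolved_ips) if the URL may be fetched, else raise.

    Order: scheme, embedded credentials, exact host allowlist, then every
    resolved address must be public, so an allowlisted DNS name that is
    pointed at an internal address is still refused.
    """
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("credentials embedded in URL")
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in ALLOWED_HOSTS:
        raise UnsafeURL(f"host not in allowlist: {host!r}")
    try:
        ips = resolve(host)
    except OSError as exc:
        raise UnsafeURL(f"cannot resolve {host!r}: {exc}") from exc
    bad = sorted(ip for ip in ips if not _is_public(ip))
    if bad:
        raise UnsafeURL(f"{host!r} resolves to non-public address(es): {bad}")
    return host, ips


class _RefuseRedirects(urllib.request.HTTPRedirectHandler):
    """A 3xx from an allowlisted host must not move the fetch elsewhere."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        raise UnsafeURL(f"redirect to {newurl!r} refused")


def safe_fetch(url, timeout=5, max_bytes=1_000_000):
    """Validate, then fetch with redirects refused and a response size cap.

    Caveat: resolve-then-connect leaves a DNS rebinding window; in production
    pin the validated IP at connect time or route through an egress proxy.
    """
    validate_fetch_url(url)
    opener = urllib.request.build_opener(_RefuseRedirects())
    with opener.open(url, timeout=timeout) as resp:
        body = resp.read(max_bytes + 1)
    if len(body) > max_bytes:
        raise UnsafeURL(f"response exceeds {max_bytes} bytes")
    return body
```

The allowlist is checked by exact host match after lowercasing and stripping a trailing dot, so `API.example.com.` is accepted while `api.example.com.attacker.net` is not; a denylist of bad hosts would not give that property. The resolution step matters even with an allowlist, because the allowlisted name's DNS is outside the application's control.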

🧯 If You Can't Patch

  • Implement strict egress filtering so MyXalytics hosts can reach only the destinations they need over HTTP/HTTPS; deny everything else by default, including loopback and link-local ranges
  • Monitor all outbound HTTP/HTTPS and DNS activity from MyXalytics systems and alert on destinations not seen before
  • Limit which users can supply URLs or hosts to the affected functionality until the patch is applied

🔍 How to Verify

Check if Vulnerable:

Check your MyXalytics version against the patched versions listed in HCL advisory KB0118149

Check Version:

Check MyXalytics administration interface or configuration files for version information

Verify Fix Applied:

Confirm your version is updated to a patched release specified in the HCL advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from MyXalytics
  • Requests to unknown or suspicious domains

Network Indicators:

  • MyXalytics making HTTP requests to unexpected external IPs
  • Unusual traffic patterns from MyXalytics servers

SIEM Query (Splunk-style SPL against egress firewall or proxy logs; the index, field names and the MyXalytics source IPs are placeholders to adapt to your schema):

index=firewall src_ip IN (10.20.0.11, 10.20.0.12) (dest_port IN (80, 443) OR app IN (http, https))
| where NOT cidrmatch("10.0.0.0/8", dest_ip) AND NOT cidrmatch("203.0.113.0/24", dest_ip)
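
The following is an added example of the detection logic the log and network indicators above describe, run over a handful of constructed firewall log lines; it is not HCL's code and the log format, host addresses and trusted networks are assumptions. It keeps only web-port connections that originate from the MyXalytics hosts and land outside the trusted networks, then counts destinations and compares them with a baseline of hosts seen before, which is how a single new attacker-controlled server (or a hit on 169.254.169.254, the cloud instance metadata address) stands out from routine traffic.

```python
"""Added example, not HCL's code: flag outbound HTTP(S) connections from
MyXalytics hosts to destinations outside trusted networks. Log format, hosts
and networks are constructed for illustration."""
import ipaddress
import re
from collections import Counter

# Assumed: the MyXalytics application servers whose egress we watch.
MYXALYTICS_HOSTS = {"10.20.0.11", "10.20.0.12"}
# Assumed: networks the application legitimately talks to (internal, vendor API).
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "203.0.113.0/24")]
WEB_PORTS = {80, 443, 8080, 8443}

# Constructed key=value firewall lines; real products use their own formats.
SAMPLE_LOGS = """\
ts=2024-08-01T10:00:01Z src=10.20.0.11 dst=10.30.0.5 dport=5432 proto=tcp app=postgres action=allow
ts=2024-08-01T10:00:07Z src=10.20.0.11 dst=203.0.113.20 dport=443 proto=tcp app=https action=allow
ts=2024-08-01T10:01:13Z src=10.20.0.12 dst=198.51.100.77 dport=80 proto=tcp app=http action=allow
ts=2024-08-01T10:01:14Z src=10.20.0.12 dst=198.51.100.77 dport=443 proto=tcp app=https action=allow
ts=2024-08-01T10:02:00Z src=10.20.0.12 dst=169.254.169.254 dport=80 proto=tcp app=http action=allow
ts=2024-08-01T10:02:30Z src=10.99.0.3 dst=198.51.100.77 dport=80 proto=tcp app=http action=allow
"""

LINE_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict."""
    return dict(LINE_RE.findall(line))


def is_trusted(ip):
    """True if the destination lies inside one of the trusted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def find_suspicious(log_text):
    """Return events from MyXalytics hosts to web services on untrusted hosts."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("src") not in MYXALYTICS_HOSTS:
            continue
        is_web = ev.get("app") in ("http", "https") or int(ev.get("dport", 0)) in WEB_PORTS
        if not is_web:
            continue
        if is_trusted(ev["dst"]):
            continue
        hits.append(ev)
    return hits


def summarize(hits):
    """Count destinations so a burst of fetches to one host stands out."""
    return Counter(h["dst"] for h in hits)


def new_destinations(hits, baseline):
    """Destinations not in a baseline of previously observed hosts."""
    return sorted({h["dst"] for h in hits} - set(baseline))


if __name__ == "__main__":
    found = find_suspicious(SAMPLE_LOGS)
    for ev in found:
        print(ev["ts"], ev["src"], "->", ev["dst"], ev["dport"])
    print("by destination:", dict(summarize(found)))
    print("new vs baseline:", new_destinations(found, {"198.51.100.77"}))
```

The trusted-network test is done on CIDR ranges rather than on exact addresses, matching what an egress allowlist actually looks like; the link-local metadata address is deliberately left out of the trusted set so that a fetch aimed at it is reported even though the source host is internal.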
