HCL MyXalytics Static JWT Signing Secret Management Vulnerability

Vulnerability

A vulnerability exists in HCL MyXalytics versions 6.7, 6.6, 6.5, 6.4, 6.3, and 6.2 due to improper management of a static JSON Web Token (JWT) signing secret. The secret does not undergo regular rotation, creating a security risk.

Impact

This vulnerability could lead to unauthorized access or manipulation of JWTs, potentially allowing for impersonation or other malicious actions within the application.

Remediation

Users must upgrade to HCL MyXalytics version 6.7 to address this vulnerability. The HCL MyXalytics support team is available to assist with the upgrade process.
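
For context on what rotating a JWT signing secret involves, the sketch below is an added illustration, not HCL's code and not the vendor fix. It assumes HS256 (the advisory does not name the algorithm), and the class name, `kid` naming scheme and `max_key_age` parameter are hypothetical. Tokens carry a key id, older secrets keep verifying only until they age out, and a token signed with a retired secret is rejected even if its own expiry is far in the future.

```python
import base64, hashlib, hmac, json, secrets

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class RotatingHS256:
    """HS256 JWT signer that selects the secret by the token's `kid` header."""

    def __init__(self, max_key_age: int):
        self.max_key_age = max_key_age   # seconds a secret may keep verifying
        self.keys = {}                   # kid -> (secret, created_at)
        self.current = None
        self.counter = 0

    def rotate(self, now: float) -> str:
        """Create a fresh random secret, make it current, drop over-age secrets."""
        self.counter += 1
        self.current = f"k{self.counter}"
        self.keys[self.current] = (secrets.token_bytes(32), now)
        self.keys = {k: v for k, v in self.keys.items()
                     if now - v[1] <= self.max_key_age}
        return self.current

    def _mac(self, kid: str, signing_input: str) -> bytes:
        return hmac.new(self.keys[kid][0], signing_input.encode(), hashlib.sha256).digest()

    def sign(self, claims: dict) -> str:
        header = {"alg": "HS256", "typ": "JWT", "kid": self.current}
        signing_input = b64e(json.dumps(header).encode()) + "." + b64e(json.dumps(claims).encode())
        return signing_input + "." + b64e(self._mac(self.current, signing_input))

    def verify(self, token: str, now: float) -> dict:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        kid = header.get("kid") if isinstance(header, dict) else None
        # Pin the algorithm and require a key id before touching any secret.
        if not isinstance(kid, str) or header.get("alg") != "HS256":
            raise ValueError("unexpected header")
        if kid not in self.keys or now - self.keys[kid][1] > self.max_key_age:
            raise ValueError("unknown or retired key")
        if not hmac.compare_digest(self._mac(kid, head + "." + body), b64d(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64d(body))
        if claims.get("exp", 0) <= now:
            raise ValueError("expired")
        return claims
```

With a single static secret there is no `kid` to retire, so a secret that has been disclosed keeps producing valid tokens until the deployment itself is changed.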

Added: Jan 16, 2026, 11:20 AM
Updated: Jan 16, 2026, 4:09 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.8
remediation: 0.0
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.