CVE-2024-52323

CWE-200Information ExposureCWE-276Incorrect Default Permissions3 documents3 sources
Severity
8.1HIGH
EPSS
0.7%
top 28.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Manageengine Analytics PlusZohocorp Manageengine Analytics Plus
Timeline
PublishedNov 27

Description

Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5manageengine/analytics_plus< 6100

🔴Vulnerability Details

2
GHSA
GHSA-vhw5-84xr-rjmq: Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve se2024-11-27
CVEList
Sensitive Data Exposure2024-11-27
CVE-2024-52323 (HIGH CVSS 8.1) | Zohocorp ManageEngine Analytics Plu | cvebase.io