Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.
History

Wed, 27 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Manageengine
Manageengine analytic Plus
Weaknesses CWE-276
CPEs cpe:2.3:a:manageengine:analytic_plus:*:*:*:*:*:*:*:*
Vendors & Products Manageengine
Manageengine analytic Plus
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 27 Nov 2024 10:00:00 +0000

Type Values Removed Values Added
Description Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.
Title Sensitive Data Exposure
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ManageEngine

Published: 2024-11-27T09:54:07.999Z

Updated: 2024-11-27T14:28:29.127Z

Reserved: 2024-11-07T11:25:31.904Z

Link: CVE-2024-52323

cve-icon Vulnrichment

Updated: 2024-11-27T14:28:18.411Z

cve-icon NVD

Status : Received

Published: 2024-11-27T10:15:05.030

Modified: 2024-11-27T15:15:26.377

Link: CVE-2024-52323

cve-icon Redhat

No data.