CVE-2024-52323

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Nov 27, 2024
CWE ID 200
CWE ID 276

Summary

CVE-2024-52323 is a vulnerability affecting ManageEngine Analytics Plus versions prior to 6100. This issue grants authenticated users the ability to expose sensitive tokens linked to the org-admin account. By exploiting this vulnerability, attackers can gain unauthorized access to sensitive data within the affected system. The exposure of these tokens poses a significant risk to the security and confidentiality of data handled by the impacted ManageEngine Analytics Plus installations. Organizations running affected versions are urged to update to the latest release as soon as possible to mitigate this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share