CVE-2024-52323 - Vulnerability Details - OpenCVE

Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Manageengine	Analytic Plus
Zohocorp	Manageengine Analytics Plus

Configuration 1 [-]

cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.manageengine.com/analytics-plus/CVE-2024-52323.html

History

Tue, 17 Jun 2025 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zohocorp Zohocorp manageengine Analytics Plus
CPEs		cpe:2.3:a:zohocorp:manageengine_analytics_plus::::::::
Vendors & Products		Zohocorp Zohocorp manageengine Analytics Plus

Wed, 27 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Manageengine Manageengine analytic Plus
Weaknesses		CWE-276
CPEs		cpe:2.3:a:manageengine:analytic_plus::::::::
Vendors & Products		Manageengine Manageengine analytic Plus
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 27 Nov 2024 10:00:00 +0000

Type	Values Removed	Values Added
Description		Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.
Title		Sensitive Data Exposure
Weaknesses		CWE-200
References		https://www.manageengine.com/analytics-plus/CVE-2024-52323.html
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ManageEngine

Published: 2024-11-27T09:54:07.999Z

Updated: 2024-11-27T14:28:29.127Z

Reserved: 2024-11-07T11:25:31.904Z

Link: CVE-2024-52323

Vulnrichment

Updated: 2024-11-27T14:28:18.411Z

NVD

Status : Analyzed

Published: 2024-11-27T10:15:05.030

Modified: 2025-06-17T20:18:25.450

Link: CVE-2024-52323

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-52323", "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "state": "PUBLISHED", "assignerShortName": "ManageEngine", "dateReserved": "2024-11-07T11:25:31.904Z", "datePublished": "2024-11-27T09:54:07.999Z", "dateUpdated": "2024-11-27T14:28:29.127Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.manageengine.com/analytics-plus/", "defaultStatus": "unaffected", "product": "Analytics Plus", "vendor": "ManageEngine", "versions": [{"lessThan": "6100", "status": "affected", "version": "0", "versionType": "6100"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account."}], "value": "Zohocorp\u00a0ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "ManageEngine", "dateUpdated": "2024-11-27T09:54:07.999Z"}, "references": [{"url": "https://www.manageengine.com/analytics-plus/CVE-2024-52323.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Sensitive Data Exposure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-276", "lang": "en", "description": "CWE-276 Incorrect Default Permissions"}]}], "affected": [{"vendor": "manageengine", "product": "analytic_plus", "cpes": ["cpe:2.3:a:manageengine:analytic_plus:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "6100", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-27T14:17:55.542421Z", "id": "CVE-2024-52323", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T14:28:29.127Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-52323", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-27T14:17:55.542421Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:manageengine:analytic_plus:*:*:*:*:*:*:*:*"], "vendor": "manageengine", "product": "analytic_plus", "versions": [{"status": "affected", "version": "0", "lessThan": "6100", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T14:28:18.411Z"}}], "cna": {"title": "Sensitive Data Exposure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ManageEngine", "product": "Analytics Plus", "versions": [{"status": "affected", "version": "0", "lessThan": "6100", "versionType": "6100"}], "collectionURL": "https://www.manageengine.com/analytics-plus/", "defaultStatus": "unaffected"}], "references": [{"url": "https://www.manageengine.com/analytics-plus/CVE-2024-52323.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Zohocorp\u00a0ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.", "supportingMedia": [{"type": "text/html", "value": "Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "ManageEngine", "dateUpdated": "2024-11-27T09:54:07.999Z"}}}, "cveMetadata": {"cveId": "CVE-2024-52323", "state": "PUBLISHED", "dateUpdated": "2024-11-27T14:28:29.127Z", "dateReserved": "2024-11-07T11:25:31.904Z", "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "datePublished": "2024-11-27T09:54:07.999Z", "assignerShortName": "ManageEngine"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB8F6B2-6E06-4BE7-9AC9-A8D26F25C67B", "versionEndExcluding": "6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zohocorp\u00a0ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account."}, {"lang": "es", "value": "Las versiones de Zohocorp ManageEngine Analytics Plus anteriores a 6100 son vulnerables a la exposici\u00f3n de datos confidenciales autenticados, lo que permite a los usuarios recuperar tokens confidenciales asociados a la cuenta de administrador de la organizaci\u00f3n."}], "id": "CVE-2024-52323", "lastModified": "2025-06-17T20:18:25.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "0fc0942c-577d-436f-ae8e-945763c79b02", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-27T10:15:05.030", "references": [{"source": "0fc0942c-577d-436f-ae8e-945763c79b02", "tags": ["Vendor Advisory"], "url": "https://www.manageengine.com/analytics-plus/CVE-2024-52323.html"}], "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "0fc0942c-577d-436f-ae8e-945763c79b02", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}