Lucene search
+L

28 matches found

OSV
OSV
added 2024/11/27 10:15 a.m.5 views

CVE-2024-52323

Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account...

8.1CVSS5.8AI score0.01128EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/27 9:54 a.m.24 views

CVE-2024-52323 Sensitive Data Exposure

Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account...

8.1CVSS0.01128EPSS
Exploits0References1
CVE
CVE
added 2024/11/27 9:54 a.m.62 views

CVE-2024-52323

The connected sources confirm a vulnerability in ManageEngine Analytics Plus prior to version 6100 where the getOAToken method exposes sensitive tokens for the org-admin account. This allows authenticated users to retrieve tokens and may enable privilege escalation to org-admin resources. Mitigat...

8.1CVSS8AI score0.01128EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/27 12:0 a.m.8 views

PT-2024-35177 · Zohocorp · Manageengine Analytics Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Analytics Plus versions below 6100 Description: The issue allows authenticated sensitive data exposure, enabling users to retrieve sensitive tokens associated with the org-admin account. This is related to the getOAToken...

8.1CVSS6.8AI score0.01128EPSS
Exploits0References7
NVD
NVD
added 2022/08/15 8:15 p.m.21 views

CVE-2020-21642

Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code...

9.8CVSS0.07731EPSS
Exploits0References1
Prion
Prion
added 2022/08/15 8:15 p.m.15 views

Directory traversal

Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code...

7.5CVSS9.4AI score0.07731EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/15 7:10 p.m.24 views

CVE-2020-21641

Out-of-Band XML External Entity OOB-XXE vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file...

7.5AI score0.04305EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/08/15 12:0 a.m.4 views

ZOHO ManageEngine Analytics Plus 路径遍历漏洞

ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO India. Get a better view of your IT data with rich visualizations and dashboards. A security vulnerability exists in ZOHO ManageEngine Analytics Plus prior to version 4350, which stems from a directory traversal...

9.8CVSS8.8AI score0.07731EPSS
Exploits0References2
Rows per page
Query Builder