28 matches found
CVE-2024-52323
Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account...
CVE-2024-52323 Sensitive Data Exposure
Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account...
CVE-2024-52323
The connected sources confirm a vulnerability in ManageEngine Analytics Plus prior to version 6100 where the getOAToken method exposes sensitive tokens for the org-admin account. This allows authenticated users to retrieve tokens and may enable privilege escalation to org-admin resources. Mitigat...
PT-2024-35177 · Zohocorp · Manageengine Analytics Plus
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Analytics Plus versions below 6100 Description: The issue allows authenticated sensitive data exposure, enabling users to retrieve sensitive tokens associated with the org-admin account. This is related to the getOAToken...
CVE-2020-21642
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code...
Directory traversal
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code...
CVE-2020-21641
Out-of-Band XML External Entity OOB-XXE vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file...
ZOHO ManageEngine Analytics Plus 路径遍历漏洞
ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO India. Get a better view of your IT data with rich visualizations and dashboards. A security vulnerability exists in ZOHO ManageEngine Analytics Plus prior to version 4350, which stems from a directory traversal...