Zohocorp · ManageEngine Analytics Plus · CVE-2024-52323
**Name of the Vulnerable Software and Affected Versions**
Zohocorp ManageEngine Analytics Plus versions below 6100
**Description**
The issue exposes sensitive data to authenticated users, who can retrieve sensitive tokens associated with the org-admin account. It stems from the `getOAToken` method, which is exposed and can lead to privilege escalation. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.
**Recommendations**
For versions below 6100, upgrade to version 6100 or later to mitigate the risk of sensitive data exposure. As a temporary workaround, consider restricting access to the `getOAToken` method until a patch is available.