PT-2024-35177 · Zohocorp · ManageEngine Analytics Plus

Mohamed Mekkawy · Published 2024-11-27 · Updated 2024-12-11

CVE-2024-52323

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Zohocorp ManageEngine Analytics Plus versions below 6100

Description
An authenticated user can retrieve sensitive tokens belonging to the org-admin account through the getOAToken method, which is exposed to lower-privileged users (an incorrect default permission). Because those tokens carry the org-admin's authority, the disclosure can lead to privilege escalation, which is why the vector scores both confidentiality and integrity as High. The number of potentially affected installations is not specified, and there are no reports of this issue being exploited in the wild.

Recommendations
Installations running a version below 6100 should be upgraded to build 6100 or later, which removes the sensitive data exposure. Until the upgrade can be applied, restrict access to the getOAToken method so that only org-admin users can reach it; treat any call to the method by a non-admin account in the interim as suspicious.
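A small triage helper for the recommendation above, added here as an example and not part of the advisory or of the vendor's code. It checks whether a reported build number falls below the fixed build 6100 and scans web-server access-log lines for calls to the getOAToken method by accounts that are not org-admins. Two things are assumptions, not facts from the advisory: that the build is available as a plain integer string such as "6050", and that a call to the method shows up in the access log as a request whose path contains "getOAToken" (the log format and request paths below are constructed).

```python
"""Triage helper for CVE-2024-52323 (ManageEngine Analytics Plus < 6100).

Added example, not vendor or advisory code. Assumptions:
- the product build is exposed as a plain integer string, e.g. "6050";
- calls to getOAToken appear in the access log as requests whose path
  contains "getOAToken" (hypothetical combined-log-style format below).
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, FrozenSet

FIXED_BUILD = 6100  # first build the advisory lists as fixed


def is_affected(build: str) -> bool:
    """True when the build number is below 6100 (affected per the advisory)."""
    m = re.fullmatch(r"\s*(\d+)\s*", build)
    if not m:
        raise ValueError(f"unrecognised build string: {build!r}")
    return int(m.group(1)) < FIXED_BUILD


# Hypothetical log line: <ip> <user> [<timestamp>] "<METHOD> <path> HTTP/x" <status>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass(frozen=True)
class Hit:
    ip: str
    user: str
    path: str
    status: int


def find_getoatoken_calls(
    log_lines: Iterable[str], admin_users: FrozenSet[str] = frozenset()
) -> List[Hit]:
    """Return one Hit per request to a getOAToken path made by a non-admin user.

    Lines that do not match the expected format are skipped rather than
    raising, so a partially corrupted log still yields results. Requests from
    accounts listed in admin_users are expected behaviour and are dropped.
    """
    hits: List[Hit] = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if "getoatoken" not in m["path"].lower():
            continue
        if m["user"] in admin_users:
            continue
        hits.append(Hit(m["ip"], m["user"], m["path"], int(m["status"])))
    return hits


# Constructed sample log; paths and account names are illustrative only.
SAMPLE_LOG = [
    '10.0.0.5 alice [27/Nov/2024:10:01:12 +0000] "GET /app/report/view?id=42 HTTP/1.1" 200',
    '10.0.0.9 bob [27/Nov/2024:10:02:40 +0000] "POST /app/getOAToken HTTP/1.1" 200',
    '10.0.0.9 bob [27/Nov/2024:10:02:41 +0000] "GET /app/getOAToken?user=orgadmin HTTP/1.1" 200',
    '10.0.0.2 orgadmin [27/Nov/2024:10:05:00 +0000] "POST /app/getOAToken HTTP/1.1" 200',
    'this line is not in the expected format',
]

if __name__ == "__main__":
    print("build 6050 affected:", is_affected("6050"))
    for hit in find_getoatoken_calls(SAMPLE_LOG, admin_users=frozenset({"orgadmin"})):
        print(f"non-admin getOAToken call: {hit.user}@{hit.ip} {hit.path} -> {hit.status}")
```

Run the module directly to see the two non-admin calls from the constructed log flagged; in practice, feed it the real access log and the list of org-admin accounts from the product, and adjust LOG_RE to the actual log format.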

Fix

Weakness Enumeration
Incorrect Default Permissions
Information Disclosure

Related Identifiers
CVE-2024-52323
ZDI-24-1676

Affected Products
ManageEngine Analytics Plus