Main Vulnerability Database Vulnerabilities #VU101747

Exposed dangerous method or function in ManageEngine Analytics Plus - CVE-2024-52323

Published: December 12, 2024

Vulnerability identifier: #VU101747

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-52323

CWE-ID: CWE-749

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Zoho Corporation

Affected software:
ManageEngine Analytics Plus

Detailed vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to exposed dangerous method or function within the implementation of the getOAToken action, which leads to security restrictions bypass and privilege escalation.

How to mitigate CVE-2024-52323

Install updates from vendor's website.

Sources

https://www.manageengine.com/analytics-plus/CVE-2024-52323.html
https://www.zerodayinitiative.com/advisories/ZDI-24-1676/

Exposed dangerous method or function in ManageEngine Analytics Plus - CVE-2024-52323

Detailed vulnerability description

How to mitigate CVE-2024-52323

Sources

Please verify you're human