Severity: High
CVE ID: CVE-2024-52323
| Product name | Affected Software Version(s) | Fixed Version | Fixed On |
|---|---|---|---|
| Analytics Plus on-premise | Analytics Plus on-premise builds below 6100 | Build 6100 | November 27, 2024 |
Details
A Sensitive Data Exposure vulnerability has been identified in Analytics Plus on-premise that allows an authenticated user to retrieve sensitive tokens associated with the org-admin account. This could potentially lead to unintended privilege escalation.
Impact
This vulnerability enables an attacker to perform admin actions, such as adding or removing users and altering configurations.
Fix
We have addressed this issue by removing the unused, vulnerable code from our application.
Steps to upgrade
Acknowledgements
This vulnerability was reported by Mohamed Mekkawy, working with Trend Micro's Zero Day Initiative, through our Bug Bounty portal.
If you have any questions or concerns, please contact product support at the email addresses below: