This page contains a list of all security vulnerabilities fixed in Analytics Plus on-premise along with their CVE ID and the fixed build number. To report vulnerabilities in ManageEngine products, head to ManageEngine's Security Response Center.
| CVE ID/ZVE ID | Synopsis | Severity | Affected Builds | Fixed in |
|---|---|---|---|---|
| CVE-2024-9100 | A Local File Inclusion (LFI) vulnerability has been discovered in Analytics Plus on-premise. This vulnerability enables an authenticated user to read arbitrary files from the server's file system through HSQLDB queries, potentially exposing sensitive information. | Medium | Analytics Plus on-Premise builds below 5410 | Build 5410 |
| CVE-2024-52323 | A Sensitive Data Exposure vulnerability has been identified in Analytics Plus on-premise, allowing an authenticated user to retrieve sensitive tokens associated to the org-admin account. This could potentially lead to unintended privilege escalation. | High | Analytics Plus on-premise builds below 6100 | Build 6100 |
