1 changes (1 new | 0 updated):

- 1 new CVEs: CVE-2024-52323 - 0 updated CVEs:
CVEProject · Nov 27, 2024 · 9c09715 · 9c09715
1 parent 33c1b20
commit 9c09715
Show file tree

Hide file tree

Showing 3 changed files with 119 additions and 5 deletions.
diff --git a/cves/2024/52xxx/CVE-2024-52323.json b/cves/2024/52xxx/CVE-2024-52323.json
@@ -0,0 +1,100 @@
+{
+    "dataType": "CVE_RECORD",
+    "dataVersion": "5.1",
+    "cveMetadata": {
+        "cveId": "CVE-2024-52323",
+        "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
+        "state": "PUBLISHED",
+        "assignerShortName": "ManageEngine",
+        "dateReserved": "2024-11-07T11:25:31.904Z",
+        "datePublished": "2024-11-27T09:54:07.999Z",
+        "dateUpdated": "2024-11-27T09:54:07.999Z"
+    },
+    "containers": {
+        "cna": {
+            "affected": [
+                {
+                    "collectionURL": "https://www.manageengine.com/analytics-plus/",
+                    "defaultStatus": "unaffected",
+                    "product": "Analytics Plus",
+                    "vendor": "ManageEngine",
+                    "versions": [
+                        {
+                            "lessThan": "6100",
+                            "status": "affected",
+                            "version": "0",
+                            "versionType": "6100"
+                        }
+                    ]
+                }
+            ],
+            "descriptions": [
+                {
+                    "lang": "en",
+                    "supportingMedia": [
+                        {
+                            "base64": false,
+                            "type": "text/html",
+                            "value": "Zohocorp&nbsp;ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account."
+                        }
+                    ],
+                    "value": "Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account."
+                }
+            ],
+            "metrics": [
+                {
+                    "cvssV3_1": {
+                        "attackComplexity": "LOW",
+                        "attackVector": "NETWORK",
+                        "availabilityImpact": "NONE",
+                        "baseScore": 8.1,
+                        "baseSeverity": "HIGH",
+                        "confidentialityImpact": "HIGH",
+                        "integrityImpact": "HIGH",
+                        "privilegesRequired": "LOW",
+                        "scope": "UNCHANGED",
+                        "userInteraction": "NONE",
+                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+                        "version": "3.1"
+                    },
+                    "format": "CVSS",
+                    "scenarios": [
+                        {
+                            "lang": "en",
+                            "value": "GENERAL"
+                        }
+                    ]
+                }
+            ],
+            "problemTypes": [
+                {
+                    "descriptions": [
+                        {
+                            "cweId": "CWE-200",
+                            "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
+                            "lang": "en",
+                            "type": "CWE"
+                        }
+                    ]
+                }
+            ],
+            "providerMetadata": {
+                "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
+                "shortName": "ManageEngine",
+                "dateUpdated": "2024-11-27T09:54:07.999Z"
+            },
+            "references": [
+                {
+                    "url": "https://www.manageengine.com/analytics-plus/CVE-2024-52323.html"
+                }
+            ],
+            "source": {
+                "discovery": "UNKNOWN"
+            },
+            "title": "Sensitive Data Exposure",
+            "x_generator": {
+                "engine": "Vulnogram 0.2.0"
+            }
+        }
+    }
+}
diff --git a/cves/delta.json b/cves/delta.json
@@ -1,12 +1,12 @@
 {
-  "fetchTime": "2024-11-27T09:41:14.519Z",
+  "fetchTime": "2024-11-27T09:56:31.550Z",
   "numberOfChanges": 1,
   "new": [
     {
-      "cveId": "CVE-2024-11667",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11667",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11667.json",
-      "dateUpdated": "2024-11-27T09:39:41.691Z"
+      "cveId": "CVE-2024-52323",
+      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-52323",
+      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/52xxx/CVE-2024-52323.json",
+      "dateUpdated": "2024-11-27T09:54:07.999Z"
     }
   ],
   "updated": [],

diff --git a/cves/deltaLog.json b/cves/deltaLog.json
@@ -1,4 +1,18 @@
 [
+  {
+    "fetchTime": "2024-11-27T09:56:31.550Z",
+    "numberOfChanges": 1,
+    "new": [
+      {
+        "cveId": "CVE-2024-52323",
+        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-52323",
+        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/52xxx/CVE-2024-52323.json",
+        "dateUpdated": "2024-11-27T09:54:07.999Z"
+      }
+    ],
+    "updated": [],
+    "error": []
+  },
   {
     "fetchTime": "2024-11-27T09:41:14.519Z",
     "numberOfChanges": 1,