# List of security vulnerabilities fixed in Analytics Plus on-premise

This page contains a list of all security vulnerabilities fixed in Analytics Plus on-premise along with their CVE ID and the fixed build number. To report vulnerabilities in ManageEngine products, head to ManageEngine's [Security Response Center](https://www.manageengine.com/manageengine-security-response-center.html).

| CVE ID/ZVE ID | Synopsis | Severity | Affected Builds | Fixed in |
|---|---|---|---|---|
| [CVE-2024-9100](https://www.manageengine.com/analytics-plus/CVE-2024-9100.html) | A Local File Inclusion (LFI) vulnerability has been discovered in Analytics Plus on-premise. This vulnerability enables an authenticated user to read arbitrary files from the server's file system through HSQLDB queries, potentially exposing sensitive information. | Medium | Analytics Plus on-Premise builds below 5410 | Build 5410 |
| [CVE-2024-52323](https://www.manageengine.com/analytics-plus/CVE-2024-52323.html) | A Sensitive Data Exposure vulnerability has been identified in Analytics Plus on-premise, allowing an authenticated user to retrieve sensitive tokens associated with the org-admin account. This could potentially lead to unintended privilege escalation. | High | Analytics Plus on-premise builds below 6100 | Build 6100 |
| [CVE-2025-1724](https://www.manageengine.com/analytics-plus/CVE-2025-1724.html) | A vulnerability has been discovered in Analytics Plus on-premise, which allows unauthorized access to authenticated AD user accounts. This could potentially lead to the unauthorized exposure of user information. | High | All Analytics Plus on-premise Windows builds below 6130 | Build 6130 |
| [CVE-2025-8324](https://www.manageengine.com/analytics-plus/CVE-2025-8324.html) | An unauthenticated SQL injection vulnerability (CVE-2025-8324) has been identified in Analytics Plus on-premise. This vulnerability could allow attackers to execute arbitrary SQL queries due to insufficient input validation. | Critical | Analytics Plus on-premise builds below 6170 | Build 6171 |
| [CVE-2025-9428](https://www.manageengine.com/analytics-plus/CVE-2025-9428.html) | A SQL injection vulnerability (CVE-2025-9428) has been identified in Analytics Plus on-Premise. This vulnerability could allow an authenticated user to execute arbitrary SQL queries due to insufficient input validation. | High | Analytics Plus on-premise builds below 6171 | Build 6200 |