This page contains a list of all security vulnerabilities fixed in Analytics Plus on-premise along with their CVE ID and the fixed build number. To report vulnerabilities in ManageEngine products, head to ManageEngine's Security Response Center.
| CVE ID/ZVE ID | Synopsis | Severity | Affected Builds | Fixed in |
|---|---|---|---|---|
| CVE-2024-9100 | A Local File Inclusion (LFI) vulnerability has been discovered in Analytics Plus on-premise. This vulnerability enables an authenticated user to read arbitrary files from the server's file system through HSQLDB queries, potentially exposing sensitive information. | Medium | Analytics Plus on-Premise builds below 5410 | Build 5410 |
| CVE-2024-52323 | A Sensitive Data Exposure vulnerability has been identified in Analytics Plus on-premise, allowing an authenticated user to retrieve sensitive tokens associated to the org-admin account. This could potentially lead to unintended privilege escalation. | High | Analytics Plus on-premise builds below 6100 | Build 6100 |
| CVE-2025-1724 | A vulnerability has been discovered in Analytics Plus on-premise, which allows unauthorized access to authenticated AD user accounts. This could potentially lead to the unauthorized exposure of user information. | High | All Analytics Plus on-premise Windows builds below 6130 | Build 6130 |
| CVE-2025-8324 | An unauthenticated SQL injection vulnerability (CVE-2025-8324) has been identified in Analytics Plus on-premise. This vulnerability could allow attackers to execute arbitrary SQL queries due to insufficient input validation. | Critical | Analytics Plus on-premise builds below 6170 | Build 6171 |
| CVE-2025-9428 | A SQL injection vulnerability (CVE-2025-9428) has been identified in Analytics Plus on-Premise. This vulnerability could allow an authenticated user to execute arbitrary SQL queries due to insufficient input validation. | High | Analytics Plus on-premise builds below 6171 | Build 6200 |
