CVE-2015-9107
CRITICAL
Zohocorp Manageengine Opmanager - Cryptographic Issue
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.
References (1)
Third Party Advisory (x_refsource_misc): https://github.com/theguly/DecryptOpManager
Scores
CVSS v3: 9.8
EPSS: 0.0167
EPSS Percentile: 82.2%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-310
Status: published
Products (8)
zohocorp/manageengine_opmanager 11.0
zohocorp/manageengine_opmanager 11.1
zohocorp/manageengine_opmanager 11.2
zohocorp/manageengine_opmanager 11.3
zohocorp/manageengine_opmanager 11.4
zohocorp/manageengine_opmanager 11.5
zohocorp/manageengine_opmanager 11.6
zohocorp/manageengine_opmanager 12.2
Published: Aug 04, 2017
Tracked Since: Feb 18, 2026