CVE-2015-9107

Severity CVSS v4.0:
Pending analysis
Type:
CWE-310 Cryptographic Issues
Publication date:
04/08/2017
Last modified:
20/04/2025

Description

Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:zohocorp:manageengine_opmanager:11.0:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.1:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.2:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.3:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.4:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.5:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.6:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.2:*:*:*:*:*:*:*