Vulnerability Details CVE-2015-9107
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
Products affected by CVE-2015-9107
-
cpe:2.3:a:zohocorp:manageengine_opmanager:11.0
-
cpe:2.3:a:zohocorp:manageengine_opmanager:11.1
-
cpe:2.3:a:zohocorp:manageengine_opmanager:11.2
-
cpe:2.3:a:zohocorp:manageengine_opmanager:11.3
-
cpe:2.3:a:zohocorp:manageengine_opmanager:11.4
-
cpe:2.3:a:zohocorp:manageengine_opmanager:11.5
-
cpe:2.3:a:zohocorp:manageengine_opmanager:11.6
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.2