CVE-2015-9107

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine OpManager versions 11 through 12.2

Description The issue concerns the custom encryption algorithm used to protect credentials for accessing monitored devices. This algorithm lacks a per-system key or salt, making it possible to create a universal decryptor.

Recommendations For versions 11 through 12.2, consider disabling the custom encryption algorithm until a secure alternative is implemented. Restrict access to monitored devices to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.