PT-2015-7595 · Zoho · Zoho Manageengine Opmanager
Xistence · Published 2015-10-09 · Updated 2015-10-09 · CVE-2015-7765
CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ZOHO ManageEngine OpManager versions 11.5 build 11600 and earlier
Description
The issue allows remote authenticated users to obtain administrator access by leveraging knowledge of a hardcoded password. The hardcoded password is used for the IntegrationUser account.
Recommendations
For ZOHO ManageEngine OpManager versions 11.5 build 11600 and earlier, change the hardcoded password for the IntegrationUser account to a unique and secure password to prevent unauthorized access. As a temporary workaround, consider restricting access to the IntegrationUser account until a secure password is set.
Affected Products
Zoho Manageengine Opmanager