PT-2017-7553 · Zoho · Zoho Manageengine Opmanager

Theguly

Published

2017-08-04

Updated

2017-08-15

CVE-2015-9107

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine OpManager versions 11 through 12.2

Description The issue concerns the custom encryption algorithm used to protect credentials for accessing monitored devices. This algorithm lacks a per-system key or salt, making it possible to create a universal decryptor.

Recommendations For versions 11 through 12.2, consider disabling the custom encryption algorithm until a secure alternative is implemented. Restrict access to monitored devices to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2015-9107

Affected Products

Zoho Manageengine Opmanager

PT-2017-7553 · Zoho · Zoho Manageengine Opmanager

CVE-2015-9107

Weakness Enumeration

Related Identifiers

Affected Products

References · 2