What is CVE-2015-9107?

CVE-2015-9107 is a vulnerability in Zoho ManageEngine OpManager versions 11.0 to 12.2 that uses a custom encryption algorithm without a per-system key or salt, allowing the creation of a universal decryptor for credentials.

What is the severity of CVE-2015-9107?

The severity of CVE-2015-9107 is classified as critical because it allows unauthorized access to sensitive credentials.

How do I fix CVE-2015-9107?

To fix CVE-2015-9107, it is recommended to upgrade to a later version of Zoho ManageEngine OpManager that addresses this vulnerability.

Which versions of OpManager are affected by CVE-2015-9107?

CVE-2015-9107 affects ManageEngine OpManager versions from 11.0 to 12.2.

What should I do if I cannot upgrade due to CVE-2015-9107?

If you cannot upgrade due to CVE-2015-9107, consider implementing additional security measures such as restricting access and monitoring for suspicious activity.

Vulnerability/
CVE-2015-9107

critical

9.8

CWE

310

4/8/2017

6/8/2024

CVE-2015-9107

First published: Fri Aug 04 2017(Updated: )

Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
ManageEngine OpManager MSP	=11.0
ManageEngine OpManager MSP	=11.1
ManageEngine OpManager MSP	=11.2
ManageEngine OpManager MSP	=11.3
ManageEngine OpManager MSP	=11.4
ManageEngine OpManager MSP	=11.5
ManageEngine OpManager MSP	=11.6
ManageEngine OpManager MSP	=12.2

Never miss a vulnerability like this again

Reference Links

https://github.com/theguly/DecryptOpManager

Frequently Asked Questions

What is CVE-2015-9107?
CVE-2015-9107 is a vulnerability in Zoho ManageEngine OpManager versions 11.0 to 12.2 that uses a custom encryption algorithm without a per-system key or salt, allowing the creation of a universal decryptor for credentials.
What is the severity of CVE-2015-9107?
The severity of CVE-2015-9107 is classified as critical because it allows unauthorized access to sensitive credentials.
How do I fix CVE-2015-9107?
To fix CVE-2015-9107, it is recommended to upgrade to a later version of Zoho ManageEngine OpManager that addresses this vulnerability.
Which versions of OpManager are affected by CVE-2015-9107?
CVE-2015-9107 affects ManageEngine OpManager versions from 11.0 to 12.2.
What should I do if I cannot upgrade due to CVE-2015-9107?
If you cannot upgrade due to CVE-2015-9107, consider implementing additional security measures such as restricting access and monitoring for suspicious activity.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/weakness
agent/last-modified-date
agent/references
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/zohocorp
canonical/manageengine opmanager msp
version/manageengine opmanager msp/11.0
version/manageengine opmanager msp/11.1
version/manageengine opmanager msp/11.2
version/manageengine opmanager msp/11.3
version/manageengine opmanager msp/11.4
version/manageengine opmanager msp/11.5
version/manageengine opmanager msp/11.6
version/manageengine opmanager msp/12.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.