Описание
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is admin@opm.
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is admin@opm.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-15106
- https://www.exploit-db.com/exploits/47229
- https://www.manageengine.com/network-monitoring/security-updates/cve-2019-15106.html
- https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15106.html
- http://pentest.com.tr/exploits/DEFCON-ManageEngine-OpManager-v12-4-Unauthenticated-Remote-Command-Execution.html
EPSS
CVE ID
Связанные уязвимости
An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is admin@opm.
EPSS