Описание
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-7765
- https://support.zoho.com/portal/manageengine/helpcenter/articles/pgsql-submitquery-do-vulnerability
- https://www.exploit-db.com/exploits/38221
- http://packetstormsecurity.com/files/133596/ManageEngine-OpManager-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2015/Sep/66
- http://www.rapid7.com/db/modules/exploit/windows/http/manage_engine_opmanager_rce
EPSS
Процентиль: 99%
0.80848
Высокий
CVE ID
Связанные уязвимости
nvd
больше 10 лет назад
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.
EPSS
Процентиль: 99%
0.80848
Высокий