Описание
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:zohocorp:manageengine_opmanager:11.0:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.1:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.2:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.3:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.4:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.5:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:11.6:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.2:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01665
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.
EPSS
Процентиль: 82%
0.01665
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-310