CVE-2015-9107

Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
zohocorpmanageengine_opmanager
11.0
zohocorpmanageengine_opmanager
11.1
zohocorpmanageengine_opmanager
11.2
zohocorpmanageengine_opmanager
11.3
zohocorpmanageengine_opmanager
11.4
zohocorpmanageengine_opmanager
11.5
zohocorpmanageengine_opmanager
11.6
zohocorpmanageengine_opmanager
12.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/theguly/DecryptOpManager
https://github.com/theguly/DecryptOpManager