CVE-2015-7765
ManageEngine OpManager - Remote Code Execution
Severity Score
9.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.
ZOHO ManageEngine OpManager 11.5 build 11600 y anteriores utiliza una contraseƱa de 'plugin' embebida para la cuenta IntegrationUser, lo que permite a usuarios remotos autenticados obtener acceso de administrador aprovechando su conocimiento de esa contraseƱa.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-10-09 CVE Reserved
- 2015-10-09 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2015/Sep/66 | Mailing List |
|
| https://support.zoho.com/portal/manageengine/helpcenter/articles/pgsql-submitquery-do-vulnerability | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zohocorp Search vendor "Zohocorp" | Manageengine Opmanager Search vendor "Zohocorp" for product "Manageengine Opmanager" | 11.5 Search vendor "Zohocorp" for product "Manageengine Opmanager" and version "11.5" | - |
Affected
| ||||||