CVE

Id
85042  
CVE No.
CVE-2015-7765  
Status
Candidate  
Description
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.  
Phase
Assigned (20151009)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
751166 85042 CVE-2015-7765 EXPLOIT-DB:38221  View
751167 85042 CVE-2015-7765 URL:https://www.exploit-db.com/exploits/38221/  View
751168 85042 CVE-2015-7765 FULLDISC:20150915 ManageEngine OpManager multiple vulnerabilities  View
751169 85042 CVE-2015-7765 URL:http://seclists.org/fulldisclosure/2015/Sep/66  View
751170 85042 CVE-2015-7765 MISC:http://packetstormsecurity.com/files/133596/ManageEngine-OpManager-Remote-Code-Execution.html  View
751171 85042 CVE-2015-7765 MISC:http://www.rapid7.com/db/modules/exploit/windows/http/manage_engine_opmanager_rce  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
10598 JVNDB-2015-005918 IBM System Networking Switch Center および Lenovo Switch Center における特権アカウントのアクセス権を取得される脆弱性 IBM System Networking Switch Center (SNSC) および Lenovo Switch Center の管理パネルの Web サービスには、競合状態により、特権アカウントのアクセス権を取得され、その結果、任意のファイルを読むためのディレクトリトラバーサルシーケンスを含む FileReader.jsp 入力を提供される脆弱性が存在します。 CVE-2015-7817 85042 7.1 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-005918.html  View