Zohocorp: >> Manageengine Opmanager >> 11.6 Security Vulnerabilities
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.
CVSS Score
9.8
EPSS Score
0.017
Published
2017-08-04
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
CVSS Score
9.0
EPSS Score
0.775
Published
2015-10-09