Is CVE-2015-7765 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Zohocorp Manageengine_opmanager

CVE-2015-7765

ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.

EPSS: 0.777 (99.0th percentile) — read the EPSS interpretation.

Affected products

Zohocorp Manageengine_opmanager — versions 11.5
N/a — versions n/a

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (Exploit, x_refsource_MISC)
20150915 ManageEngine OpManager multiple vulnerabilities (mailing-list, x_refsource_FULLDISC)
cve@mitre.org (Exploit, x_refsource_MISC)
38221 (Exploit, exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2015-7765?: CVE-2015-7765 is a vulnerability in Zohocorp Manageengine_opmanager. Published 2015-10-09.
Is CVE-2015-7765 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.