VYPR
Critical severity9.8NVD Advisory· Published Jan 23, 2017· Updated Jun 17, 2026

CVE-2016-6602

CVE-2016-6602

Description

ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zohocorp:webnms_framework:5.2:sp1:*:*:*:*:*:*
  • Range: 5.2, 5.2 SP1

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.