PT-2016-4007 · Intel Mcafee+1 · Epolicy Orchestrator+1

Chris Frohoff

Publicado

2016-01-08

Atualizado

2019-02-14

CVE-2015-8765

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Intel McAfee ePolicy Orchestrator (ePO) versions 4.6.9 and earlier Intel McAfee ePolicy Orchestrator (ePO) versions 5.0.x Intel McAfee ePolicy Orchestrator (ePO) versions 5.1.x before 5.1.3 Hotfix 1106041 Intel McAfee ePolicy Orchestrator (ePO) versions 5.3.x before 5.3.1 Hotfix 1106041

Description The issue allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Recommendations For versions 4.6.9 and earlier, update to a version later than 4.6.9. For versions 5.0.x, update to a version later than 5.0.x. For versions 5.1.x before 5.1.3 Hotfix 1106041, apply Hotfix 1106041 or update to version 5.1.3 or later. For versions 5.3.x before 5.3.1 Hotfix 1106041, apply Hotfix 1106041 or update to version 5.3.1 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2015-8765

Produtos afetados

Apache Commons Collections

Epolicy Orchestrator

PT-2016-4007 · Intel Mcafee+1 · Epolicy Orchestrator+1

CVE-2015-8765

Identificadores relacionados

Produtos afetados

Referências · 4