PT-2016-4007 · Intel Mcafee+1 · Epolicy Orchestrator+1
Chris Frohoff
+2
·
Published
2016-01-08
·
Updated
2019-02-14
·
CVE-2015-8765
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Intel McAfee ePolicy Orchestrator (ePO) versions 4.6.9 and earlier
Intel McAfee ePolicy Orchestrator (ePO) versions 5.0.x
Intel McAfee ePolicy Orchestrator (ePO) versions 5.1.x before 5.1.3 Hotfix 1106041
Intel McAfee ePolicy Orchestrator (ePO) versions 5.3.x before 5.3.1 Hotfix 1106041
Description
The issue allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Recommendations
For versions 4.6.9 and earlier, update to a version later than 4.6.9.
For versions 5.0.x, update to a version later than 5.0.x.
For versions 5.1.x before 5.1.3 Hotfix 1106041, apply Hotfix 1106041 or update to version 5.1.3 or later.
For versions 5.3.x before 5.3.1 Hotfix 1106041, apply Hotfix 1106041 or update to version 5.3.1 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apache Commons Collections
Epolicy Orchestrator