Vulnerabilities > CVE-2015-8765 - Unspecified vulnerability in Mcafee Epolicy Orchestrator
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW Summary
Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Vulnerable Configurations
Nessus
| NASL family | Windows |
| NASL id | MCAFEE_EPO_SB10144.NASL |
| description | The McAfee ePolicy Orchestrator (ePO) installed on the remote Windows host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this to execute arbitrary code on the target host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 88624 |
| published | 2016-02-08 |
| reporter | This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/88624 |
| title | McAfee ePolicy Orchestrator Java Object Deserialization RCE |