CVE-2015-2859

EUVD-2015-2947
Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
mcafeeepolicy_orchestrator
4.0
mcafeeepolicy_orchestrator
4.5.0
mcafeeepolicy_orchestrator
4.5.3
mcafeeepolicy_orchestrator
4.5.4
mcafeeepolicy_orchestrator
4.5.5
mcafeeepolicy_orchestrator
4.5.6
mcafeeepolicy_orchestrator
4.5.7
mcafeeepolicy_orchestrator
4.6.0
mcafeeepolicy_orchestrator
4.6.1
mcafeeepolicy_orchestrator
4.6.2
mcafeeepolicy_orchestrator
4.6.3
mcafeeepolicy_orchestrator
4.6.4
mcafeeepolicy_orchestrator
4.6.5
mcafeeepolicy_orchestrator
4.6.6
mcafeeepolicy_orchestrator
4.6.7
mcafeeepolicy_orchestrator
4.6.8
mcafeeepolicy_orchestrator
4.6.9
mcafeeepolicy_orchestrator
5.0.0
mcafeeepolicy_orchestrator
5.0.1
mcafeeepolicy_orchestrator
5.1.0
mcafeeepolicy_orchestrator
5.1.1
mcafeeepolicy_orchestrator
5.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/264092
http://www.securityfocus.com/bid/75020
http://www.securitytracker.com/id/1032571
https://kc.mcafee.com/corporate/index?page=content&id=KB84628
https://kc.mcafee.com/corporate/index?page=content&id=SB10120
http://www.kb.cert.org/vuls/id/264092
http://www.securityfocus.com/bid/75020
http://www.securitytracker.com/id/1032571
https://kc.mcafee.com/corporate/index?page=content&id=KB84628
https://kc.mcafee.com/corporate/index?page=content&id=SB10120