CVE-2015-2859

Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
mcafeeepolicy_orchestrator
4.0
mcafeeepolicy_orchestrator
4.5.0
mcafeeepolicy_orchestrator
4.5.3
mcafeeepolicy_orchestrator
4.5.4
mcafeeepolicy_orchestrator
4.5.5
mcafeeepolicy_orchestrator
4.5.6
mcafeeepolicy_orchestrator
4.5.7
mcafeeepolicy_orchestrator
4.6.0
mcafeeepolicy_orchestrator
4.6.1
mcafeeepolicy_orchestrator
4.6.2
mcafeeepolicy_orchestrator
4.6.3
mcafeeepolicy_orchestrator
4.6.4
mcafeeepolicy_orchestrator
4.6.5
mcafeeepolicy_orchestrator
4.6.6
mcafeeepolicy_orchestrator
4.6.7
mcafeeepolicy_orchestrator
4.6.8
mcafeeepolicy_orchestrator
4.6.9
mcafeeepolicy_orchestrator
5.0.0
mcafeeepolicy_orchestrator
5.0.1
mcafeeepolicy_orchestrator
5.1.0
mcafeeepolicy_orchestrator
5.1.1
mcafeeepolicy_orchestrator
5.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/264092
http://www.securityfocus.com/bid/75020
http://www.securitytracker.com/id/1032571
https://kc.mcafee.com/corporate/index?page=content&id=KB84628
https://kc.mcafee.com/corporate/index?page=content&id=SB10120
http://www.kb.cert.org/vuls/id/264092
http://www.securityfocus.com/bid/75020
http://www.securitytracker.com/id/1032571
https://kc.mcafee.com/corporate/index?page=content&id=KB84628
https://kc.mcafee.com/corporate/index?page=content&id=SB10120