CVE-2015-8765
HIGHMcAfee ePolicy Orchestrator < 4.6.9, 5.0.x, 5.1.x < 5.1.3, 5.3.x < 5.3.1 - RCE via Deserialization
Title source: llmDescription
Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10144
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/576313
Scores
CVSS v3
8.3
EPSS
0.0230
EPSS Percentile
85.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Details
Status
published
Products (1)
mcafee/epolicy_orchestrator
< 4.6.9
Published
Jan 08, 2016
Tracked Since
Feb 18, 2026