5
CVE-2015-0922
- EPSS 13.35%
- Veröffentlicht 09.01.2015 18:59:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mcafee ≫ Epolicy Orchestrator Version <= 4.6.8
Mcafee ≫ Epolicy Orchestrator Version5.0.0
Mcafee ≫ Epolicy Orchestrator Version5.0.1
Mcafee ≫ Epolicy Orchestrator Version5.1.0
Mcafee ≫ Epolicy Orchestrator Version5.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 13.35% | 0.959 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html
http://seclists.org/fulldisclosure/2015/Jan/37
http://seclists.org/fulldisclosure/2015/Jan/8
http://www.securitytracker.com/id/1031519
https://gist.github.com/brandonprry/692e553975bf29aeaf2c
https://kc.mcafee.com/corporate/index?page=content&id=SB10095
http://www.securityfocus.com/bid/72298
https://exchange.xforce.ibmcloud.com/vulnerabilities/99949