5.8
CVE-2015-2859
- EPSS 0.2%
- Published 23.06.2015 21:59:00
- Last modified 12.04.2025 10:46:40
- Source cret@cert.org
- Teams watchlist Login
- Open Login
Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Data is provided by the National Vulnerability Database (NVD)
Mcafee ≫ Epolicy Orchestrator Version4.0
Mcafee ≫ Epolicy Orchestrator Version4.5.0
Mcafee ≫ Epolicy Orchestrator Version4.5.3
Mcafee ≫ Epolicy Orchestrator Version4.5.4
Mcafee ≫ Epolicy Orchestrator Version4.5.5
Mcafee ≫ Epolicy Orchestrator Version4.5.6
Mcafee ≫ Epolicy Orchestrator Version4.5.7
Mcafee ≫ Epolicy Orchestrator Version4.6.0
Mcafee ≫ Epolicy Orchestrator Version4.6.1
Mcafee ≫ Epolicy Orchestrator Version4.6.2
Mcafee ≫ Epolicy Orchestrator Version4.6.3
Mcafee ≫ Epolicy Orchestrator Version4.6.4
Mcafee ≫ Epolicy Orchestrator Version4.6.5
Mcafee ≫ Epolicy Orchestrator Version4.6.6
Mcafee ≫ Epolicy Orchestrator Version4.6.7
Mcafee ≫ Epolicy Orchestrator Version4.6.8
Mcafee ≫ Epolicy Orchestrator Version4.6.9
Mcafee ≫ Epolicy Orchestrator Version5.0.0
Mcafee ≫ Epolicy Orchestrator Version5.0.1
Mcafee ≫ Epolicy Orchestrator Version5.1.0
Mcafee ≫ Epolicy Orchestrator Version5.1.1
Mcafee ≫ Epolicy Orchestrator Version5.1.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.417 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|