What is CVE-2015-0922?

CVE-2015-0922 is a vulnerability in Mcafee Epolicy_orchestrator, classified under Information Disclosure. Published 2015-01-09.

Is CVE-2015-0922 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Mcafee Epolicy_orchestrator

CVE-2015-0922

McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted pa…

Vulnerability class: Information Disclosure

EPSS: 0.457 (97.7th percentile) — read the EPSS interpretation.

Affected products

Mcafee Epolicy_orchestrator — versions 5.0.0, 5.0.1, 5.1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

rapid7/metasploit-framework

References

72298 (Exploit, vdb-entry, x_refsource_BID)
20150112 Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure (mailing-list, x_refsource_FULLDISC)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
cve@mitre.org (Exploit, x_refsource_MISC)
20150106 McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure (mailing-list, x_refsource_FULLDISC)
macafee-cve20150922-info-disc(99949) (vdb-entry, x_refsource_XF)
1031519 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2015-0922?: CVE-2015-0922 is a vulnerability in Mcafee Epolicy_orchestrator, classified under Information Disclosure. Published 2015-01-09.
Is CVE-2015-0922 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.