Vulnerability in Mcafee Epolicy_orchestrator

CVE-2015-2859

Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.003 (49.8th percentile) — read the EPSS interpretation.

Affected products

Mcafee Epolicy_orchestrator — versions 4.0, 4.5.0, 4.5.3
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

VU#264092 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)
cret@cert.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
75020 (vdb-entry, x_refsource_BID)
1032571 (vdb-entry, x_refsource_SECTRACK)
cret@cert.org (x_refsource_CONFIRM, Patch, Vendor Advisory)