CVE-2015-0922
23Vexday Risk Score
Corrige pronto. Ella tiene exploit funcional público.
ssvc Attendepss 13%
de la publicación al arma0 días
Publicada en NVD9 ene
metasploit6 ene
probabilidad de explotación
13%top 4% de las CVE
explotación observada
noninguna fuente lo reporta
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.
Productos afectados
n/a · n/aReferencias
http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.htmlhttp://seclists.org/fulldisclosure/2015/Jan/37http://seclists.org/fulldisclosure/2015/Jan/8https://exchange.xforce.ibmcloud.com/vulnerabilities/99949https://gist.github.com/brandonprry/692e553975bf29aeaf2chttps://kc.mcafee.com/corporate/index?page=content&id=SB10095http://www.securityfocus.com/bid/72298http://www.securitytracker.com/id/1031519