Unrated severityNVD Advisory· Published Jan 9, 2015· Updated May 6, 2026

CVE-2015-0922

Description

McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.

Affected products

McAfee/Epolicy Orchestrator5 versions
cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*range: <=4.6.8
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kc.mcafee.com/corporate/indexnvdPatchVendor Advisory
packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.htmlnvdExploit
www.securityfocus.com/bid/72298nvdExploit
seclists.org/fulldisclosure/2015/Jan/37nvd
seclists.org/fulldisclosure/2015/Jan/8nvd
www.securitytracker.com/id/1031519nvd
exchange.xforce.ibmcloud.com/vulnerabilities/99949nvd
gist.github.com/brandonprry/692e553975bf29aeaf2cnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.037
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000