CVE-2015-8765

high

Published 2016-01-08 · Modified 2026-05-06

CVSS v3

8.3

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CVSS v2

7.5

VIR risk

8.3

Description

Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Predictions

Exploit likelihood

89%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://kc.mcafee.com/corporate/index?page=content&id=SB10144

Application impact

Vendor	Product	Versions	Fixed
mcafee	epolicy_orchestrator	`{"endIncluding":"4.6.9"}`

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10144
https://www.kb.cert.org/vuls/id/576313
https://kc.mcafee.com/corporate/index?page=content&id=SB10144
https://www.kb.cert.org/vuls/id/576313

Verify integrity in audit chain (admin only). AS-IS.