CVE-2015-8765 Intel McAfee ePolicy Orchestrator Insecure Object Deserialization Vulnerability (SB10144)

McAfee ePolicy Orchestrator (ePO) software centralizes and streamlines management of endpoint, network, content security and compliance solutions. The vulnerability exists because ePolicy Orchestrator (ePO) is packaged with Apache Commons Collections library version 3.2.1 (commons-collections-3.2.1.jar) which is vulnerable to insecure deserialization of data, which may result in arbitrary code execution.

Affected Versions:
McAfee ePO versions 4.6.9 and earlier
McAfee ePO versions 5.1.3 and earlier
McAfee ePO versions 5.3.1 and earlier

A remote attacker could exploit this vulnerability to run arbitrary code on the system.

Customers are advised to review SB10144 for more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SB10144