CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8988
https://notcve.org/view.php?id=CVE-2015-8988
Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path. Vulnerabilidad de ruta de ejecutable no citado en componentes Client Management y Gateway en McAfee (ahora Intel Security) ePO Deep Command (eDC) 2.2 y 2.1 permite a usuarios autenticados ejecutar un comando a su elección lanzando un archivo malicioso a la ruta. • https://kc.mcafee.com/corporate/index?page=content&id=SB10115 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3987
https://notcve.org/view.php?id=CVE-2015-3987
Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors. Múltiples vulnerabilidades de ruta no confiable en la búsqueda no literal de Windows en el (1) Client Management y (2) Gateway en McAfee ePO Deep Command 2.1 y 2.2 anterior a HF 1058831 permite a usuarios locales ganar privilegios mediante vectores desconocidos. • http://www.securityfocus.com/bid/74685 http://www.securitytracker.com/id/1032244 https://kc.mcafee.com/corporate/index?page=content&id=SB10115 • CWE-426: Untrusted Search Path •