{"api_version":"1","generated_at":"2026-04-29T03:10:00+00:00","cve":"CVE-2015-3987","urls":{"html":"https://cve.report/CVE-2015-3987","api":"https://cve.report/api/cve/CVE-2015-3987.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-3987","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-3987"},"summary":{"title":"CVE-2015-3987","description":"Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2015-05-14 14:59:00","updated_at":"2019-02-11 16:11:00"},"problem_types":["CWE-426"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/74685","name":"74685","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"McAfee ePO Deep Command CVE-2015-3987 Multiple Local Privilege Escalation Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10115","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10115","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"McAfee KnowledgeBase - Intel Security - Security Bulletin: ePO Deep Command 2.1 / 2.2 update fixes \"Unquoted Executable Path\" vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1032244","name":"1032244","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"McAfee ePolicy Orchestrator Deep Command Unquoted Executable Path Lets Local Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-3987","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3987","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"3987","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"epo_deep_command","cpe6":"2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"3987","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"epo_deep_command","cpe6":"2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"3987","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"epo_deep_command","cpe6":"2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"3987","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"epo_deep_command","cpe6":"2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2015-3987","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"74685","refsource":"BID","url":"http://www.securityfocus.com/bid/74685"},{"name":"1032244","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1032244"},{"name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10115","refsource":"CONFIRM","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10115"}]}},"nvd":{"publishedDate":"2015-05-14 14:59:00","lastModifiedDate":"2019-02-11 16:11:00","problem_types":["CWE-426"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:epo_deep_command:2.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:epo_deep_command:2.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"3987","Ordinal":"80942","Title":"CVE-2015-3987","CVE":"CVE-2015-3987","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"3987","Ordinal":"1","NoteData":"Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"3987","Ordinal":"2","NoteData":"2015-05-14","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"3987","Ordinal":"3","NoteData":"2016-12-30","Type":"Other","Title":"Modified"}]}}}