Skip to main content

Symantec Management Suite

1 CVEs product

Monthly

CVE-2026-15380 MEDIUM This Month

Full SYSTEM-level code execution in Broadcom's Symantec IT Management Suite (ITMS) 8.7.3 is reachable by any non-administrator interactive user via a DCOM and Windows Task Scheduler logic chain, requiring no network access and no memory corruption. The attack is confined to the local host, meaning a standard user account with an interactive session on the ITMS server is sufficient to achieve unrestricted SYSTEM privileges. No public exploit has been identified at time of analysis, though Broadcom's advisory carries the highest urgency rating (U:Red) and the CVSS 4.0 supplemental metric AU:Y indicates the exploitation steps can be automated once understood.

RCE Buffer Overflow Symantec Management Suite
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
EPSS 0% CVSS 5.1
MEDIUM This Month

Full SYSTEM-level code execution in Broadcom's Symantec IT Management Suite (ITMS) 8.7.3 is reachable by any non-administrator interactive user via a DCOM and Windows Task Scheduler logic chain, requiring no network access and no memory corruption. The attack is confined to the local host, meaning a standard user account with an interactive session on the ITMS server is sufficient to achieve unrestricted SYSTEM privileges. No public exploit has been identified at time of analysis, though Broadcom's advisory carries the highest urgency rating (U:Red) and the CVSS 4.0 supplemental metric AU:Y indicates the exploitation steps can be automated once understood.

RCE Buffer Overflow Symantec Management Suite
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy