Information Disclosure in Altiris WMI Provider by Broadcom
CVE-2026-15379

5.1MEDIUM

Key Information:

Vendor

Broadcom

Vendor
CVE Published:
17 July 2026

What is CVE-2026-15379?

The Altiris WMI Provider exposes a class called AltirisAgent_Stream that enables local standard users to read any file contents accessible to the SYSTEM account. This occurs due to the provider executing under the LocalSystem context while servicing WMI queries, without properly re-impersonating the requesting user. As a result, standard users can access sensitive files, including configuration documents, service logs, and other secrets stored with restricted ACLs intended for SYSTEM or Administrator access. Organizations using the Altiris WMI Provider must be aware of this vulnerability to secure their sensitive information effectively.

Affected Version(s)

Symantec IT Management Suite 8.8

Symantec IT Management Suite 8.8.1

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dhanush Arvind, Intercontinental Exchange (ICE) Information Security (https://www.linkedin.com/in/dagowda)
.