DCOM and Task Scheduler Vulnerability in Broadcom ITMS Products
CVE-2026-15380

5.1MEDIUM

Key Information:

Vendor

Broadcom

Vendor
CVE Published:
17 July 2026

What is CVE-2026-15380?

A significant vulnerability in Broadcom's IT Management Suite allows non-administrator users to execute arbitrary SYSTEM-level code. This exploit leverages a chain of interactions via DCOM and the task scheduler, facilitating unauthorized access without the need for memory corruption or network connectivity. The exploitation process provides potential attackers with elevated privileges, posing serious security risks to affected installations. Users of ITMS should consult the vendor's advisories for mitigation strategies and updates.

Affected Version(s)

Symantec Management Suite 8.7.3

Symantec Management Suite 8.8

Symantec Management Suite 8.8.1

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dhanush Arvind, Intercontinental Exchange (ICE) Information Security (https://www.linkedin.com/in/dagowda)
.