Search
Find a vulnerability
Search criteria
4 vulnerabilities found for Symantec IT Management Suite by Broadcom
CVE-2025-24508 (GCVE-0-2025-24508)
Vulnerability from nvd – Published: 2025-07-07 04:54 – Updated: 2025-07-07 17:13
VLAI
EPSS
VEX
Title
Offline Extraction of Account Connectivity Credentials (ACCs) in IT Management Suite
Summary
Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.broadcom.com/web/ecx/support-cont… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Broadcom | Symantec IT Management Suite |
Affected:
8.6.x, 8.7.x 8.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T17:12:56.951265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:13:00.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Symantec IT Management Suite",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "8.6.x, 8.7.x 8.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eExtraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage\u003c/span\u003e"
}
],
"value": "Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T04:54:31.638Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35904"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Offline Extraction of Account Connectivity Credentials (ACCs) in IT Management Suite",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2025-24508",
"datePublished": "2025-07-07T04:54:31.638Z",
"dateReserved": "2025-01-22T08:29:34.305Z",
"dateUpdated": "2025-07-07T17:13:00.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5333 (GCVE-0-2025-5333)
Vulnerability from nvd – Published: 2025-07-06 13:50 – Updated: 2025-07-07 14:02
VLAI
EPSS
VEX
Title
Unauthenticated Remote Code Execution in IT Management Suite
Summary
Remote attackers can execute arbitrary code in the context of the vulnerable service process.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.broadcom.com/web/ecx/support-cont… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Broadcom | Symantec IT Management Suite |
Affected:
8.6.x, 8.7.x 8.8
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T14:01:03.430009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T14:02:14.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Symantec IT Management Suite",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "8.6.x, 8.7.x 8.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eleftherios Panos (lefteris.panos@lrqa.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eRemote attackers can execute arbitrary code in the context of the vulnerable service process.\u003c/span\u003e"
}
],
"value": "Remote attackers can execute arbitrary code in the context of the vulnerable service process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "IRRECOVERABLE",
"Safety": "PRESENT",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:I/V:C/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-06T13:50:25.955Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35903"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Remote Code Execution in IT Management Suite",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2025-5333",
"datePublished": "2025-07-06T13:50:25.955Z",
"dateReserved": "2025-05-29T12:38:18.164Z",
"dateUpdated": "2025-07-07T14:02:14.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24508 (GCVE-0-2025-24508)
Vulnerability from cvelistv5 – Published: 2025-07-07 04:54 – Updated: 2025-07-07 17:13
VLAI
EPSS
VEX
Title
Offline Extraction of Account Connectivity Credentials (ACCs) in IT Management Suite
Summary
Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.broadcom.com/web/ecx/support-cont… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Broadcom | Symantec IT Management Suite |
Affected:
8.6.x, 8.7.x 8.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T17:12:56.951265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:13:00.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Symantec IT Management Suite",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "8.6.x, 8.7.x 8.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eExtraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage\u003c/span\u003e"
}
],
"value": "Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T04:54:31.638Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35904"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Offline Extraction of Account Connectivity Credentials (ACCs) in IT Management Suite",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2025-24508",
"datePublished": "2025-07-07T04:54:31.638Z",
"dateReserved": "2025-01-22T08:29:34.305Z",
"dateUpdated": "2025-07-07T17:13:00.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5333 (GCVE-0-2025-5333)
Vulnerability from cvelistv5 – Published: 2025-07-06 13:50 – Updated: 2025-07-07 14:02
VLAI
EPSS
VEX
Title
Unauthenticated Remote Code Execution in IT Management Suite
Summary
Remote attackers can execute arbitrary code in the context of the vulnerable service process.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.broadcom.com/web/ecx/support-cont… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Broadcom | Symantec IT Management Suite |
Affected:
8.6.x, 8.7.x 8.8
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T14:01:03.430009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T14:02:14.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Symantec IT Management Suite",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "8.6.x, 8.7.x 8.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eleftherios Panos (lefteris.panos@lrqa.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eRemote attackers can execute arbitrary code in the context of the vulnerable service process.\u003c/span\u003e"
}
],
"value": "Remote attackers can execute arbitrary code in the context of the vulnerable service process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "IRRECOVERABLE",
"Safety": "PRESENT",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:I/V:C/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-06T13:50:25.955Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35903"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Remote Code Execution in IT Management Suite",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2025-5333",
"datePublished": "2025-07-06T13:50:25.955Z",
"dateReserved": "2025-05-29T12:38:18.164Z",
"dateUpdated": "2025-07-07T14:02:14.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}