CVE-2016-2202

MEDIUM

Symantec Altiris IT Management Suite < 7.6 - Access Control

Title source: rule

Description

The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/85778

[Vendor Advisory] https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160407_00

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 18.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-264

Status draft

Affected Products (1)

symantec/altiris_it_management_suite < 7.6

Timeline

Published Apr 20, 2016

Tracked Since Feb 18, 2026