CVE-2024-39328

Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0. A highly trusted role (Config Admin) could exceed their configuration privileges in a multi-partition environment and access some confidential data. Data integrity and availability is not at risk.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://eviden.com/solutions/digital-security/digital-identity/
https://support.bull.com/ols/product/security/psirt/security-bulletins/potential-privilege-escalation-in-idpki-psirt-1335-tlp-clear-version-2-10-cve-2024-39327-cve-2024-39328-cve-2024-51505/view

Configurations

No configuration.

History

No history.

Information

Published : 2025-02-18 18:15

Updated : 2025-02-18 20:15

NVD link : CVE-2024-39328

Mitre link : CVE-2024-39328

CVE.ORG link : CVE-2024-39328

JSON object : View

Products Affected

No product.

CWE

CWE-863

Incorrect Authorization

6.8 /10