CVE-2024-39328 - Vulnerability Details

Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0. A highly trusted role (Config Admin) could exceed their configuration privileges in a multi-partition environment and access some confidential data. Data integrity and availability is not at risk.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

References

Link	Providers
https://eviden.com/solutions/digital-security/digital-identity/
https://support.bull.com/ols/product/security/psirt/security-bulletins/potential-privilege-escalation-in-idpki-psirt-1335-tlp-clear-version-2-10-cve-2024-39327-cve-2024-39328-cve-2024-51505/view

History

Tue, 18 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-863
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 18 Feb 2025 17:30:00 +0000

Type	Values Removed	Values Added
Description		Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0. A highly trusted role (Config Admin) could exceed their configuration privileges in a multi-partition environment and access some confidential data. Data integrity and availability is not at risk.
References		https://eviden.com/solutions/digital-security/digital-identity/ https://support.bull.com/ols/product/security/psirt/security-bulletins/potential-privilege-escalation-in-idpki-psirt-1335-tlp-clear-version-2-10-cve-2024-39327-cve-2024-39328-cve-2024-51505/view
Metrics		cvssV3_1 `{'score': 6.8, 'vector': 'CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:H/S:C/UI:N'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-02-18T00:00:00.000Z

Updated: 2025-02-18T19:56:06.240Z

Reserved: 2024-06-23T00:00:00.000Z

Link: CVE-2024-39328

Vulnrichment

Updated: 2025-02-18T19:55:48.747Z

NVD

Status : Awaiting Analysis

Published: 2025-02-18T18:15:20.633

Modified: 2025-02-18T20:15:18.533

Link: CVE-2024-39328

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object