Insecure Permissions in Atos Eviden IDRA and IDCA Products
CVE-2024-39328

6.8MEDIUM

Key Information:

Vendor: Atos
Status: Eviden IDRA and IDCA
Vendor: CVE Published:; 18 February 2025

What is CVE-2024-39328?

The Atos Eviden IDRA and IDCA products prior to version 2.7.0 have a vulnerability that allows a highly trusted role, specifically the Config Admin, to exceed their configuration privileges in a multi-partition environment. This could potentially enable unauthorized access to confidential data, compromising data confidentiality despite maintaining data integrity and availability.

References

https://eviden.com/solutions/digital-security/digital-ide...

https://support.bull.com/ols/product/security/psirt/secur...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Jun 23, 2024