CVE-2024-39328

Name of the Vulnerable Software and Affected Versions Atos Eviden IDRA and IDCA versions prior to 2.7.0

Description The issue concerns insecure permissions that could allow a highly trusted role, Config Admin, to exceed its configuration privileges in a multi-partition environment. This could lead to access to some confidential data. However, data integrity and availability are not at risk.

Recommendations For Atos Eviden IDRA and IDCA versions prior to 2.7.0, update to version 2.7.0 or later to resolve the issue. As a temporary workaround, consider restricting the privileges of the Config Admin role in multi-partition environments to minimize the risk of unauthorized access to confidential data.