CVE-2024-39327

Incorrect Access Control vulnerability in Atos Eviden IDRA before 2.6.1 could allow the possibility to obtain CA signing in an illegitimate way.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
mitreCNA
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Common Weakness Enumeration
References
https://eviden.com/solutions/digital-security/digital-identity/
https://support.bull.com/ols/product/security/psirt/security-bulletins/potential-privilege-escalation-in-idpki-psirt-1335-tlp-clear-version-2-10-cve-2024-39327-cve-2024-39328-cve-2024-51505/view