Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1220

CWE-1220

Insufficient Granularity of Access Control

Parent: CWE-284 - Improper Access Control

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

85 vulnerabilities with CWE-1220

CVE-2024-52799 HIGH

Argo Workflows Helm Chart <0.44.0 - Excessive Pod Exec Privileges

CVE-2024-43604 MEDIUM

Outlook for Android - Privilege Escalation

CVE-2024-8927 HIGH

PHP <8.1.30, 8.2.*<8.2.24, 8.3.*<8.3.12 - Code Injection

CVE-2024-6867 MEDIUM

lunary-ai/lunary <a761d833 - Info Disclosure

CVE-2024-42365 HIGH

Asterisk < 18.24.2 - Remote Code Execution

CVE-2024-39324 LOW

ai-admin-graphql 2022.04.1-2022.10.9 - Insufficient Access Control via GraphQL API

CVE-2024-39323 HIGH

ai-admin-graphql 2022.04.1-2022.10.9, 2023.04.1-2023.10.5, 2024.04.1-2024.04.5 - Improper Access Control

CVE-2024-5389 HIGH

lunary < 1.4.9 - Insufficient Granularity of Access Control for Dataset Prompts

CVE-2024-29200 MEDIUM

Kimai < 2.13.0 - Insufficient Access Control via API Timesheet Endpoint

CVE-2024-26246 LOW

Microsoft Edge < 122.0.2365.92 - Security Feature Bypass

CVE-2024-2412 MEDIUM

Heimavista Rpage and Epage - User Registration Bypass

CVE-2023-31343 HIGH

AMD EPYC 7003 Processors - Authenticated Arbitrary Code Execution via SMM Handler Input Validation

CVE-2023-31342 HIGH

AMD EPYC 7003 Processors - Arbitrary Code Execution via SMM Handler Input Validation

CVE-2023-45217 HIGH

Intel Power Gadget < 3.6.0 - Authenticated Privilege Escalation via Local Access

CVE-2023-40070 HIGH

Intel Power Gadget for macOS - Authenticated Privilege Escalation via Local Access

CVE-2023-43040 MEDIUM

IBM Spectrum Fusion HCI 2.5.2-2.7.2 - Privilege Escalation

CVE-2023-32259 MEDIUM

OpenText SMAX/AMX <2022.11 - Privilege Escalation

CVE-2023-6725 MEDIUM

OpenStack Designate - Info Disclosure

CVE-2023-50713 MEDIUM

Speckle Server <2.17.6 - Auth Bypass

CVE-2023-44285 HIGH

Dell PowerProtect DD <7.13.0.10-6.2.1.110 - Privilege Escalation

CVE-2023-4456 MEDIUM

openshift-logging LokiStack - Privilege Escalation

CVE-2023-39418 LOW

PostgreSQL 15.0-15.3 - Insufficient Granularity of Access Control via MERGE Command

CVE-2023-33127 HIGH

.NET 6.0.0-6.0.19 and Visual Studio 2022 < 17.0.23 - Elevation of Privilege

CVE-2023-3227 MEDIUM

fossbilling/fossbilling <0.5.0 - Info Disclosure

CVE-2023-0205 MEDIUM

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX < 35.1012 - Denial of Service via Insufficient Access Control

Previous Page 3 of 4 Next

Details

Vulnerabilities 85

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy