The product implements access controls via a policy or other feature with the intention of disabling or restricting accesses (reads and/or writes) to assets in a system from untrusted agents. However, the implemented access controls lack the required granularity, which makes the control policy too broad: it allows unauthorized agents to access the security-sensitive assets.
85 vulnerabilities with CWE-1220
CVE-2023-0203 (MEDIUM, CVSS 5.0): NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX < 35.1012 - Denial of Service via Insufficient Access Control
CVE-2023-27591 (HIGH, CVSS 7.5): miniflux < 2.0.43 - Unauthenticated Information Disclosure via Prometheus Metrics Endpoint
CVE-2022-4813 (MEDIUM, CVSS 4.3): usememos/memos <0.9.1 - Info Disclosure
CVE-2022-4801 (MEDIUM, CVSS 5.3): GitHub usememos/memos <0.9.1 - Info Disclosure
CVE-2022-2475 (CRITICAL, CVSS 9.8): Haas Controller <100.20.000.1110 - Privilege Escalation
CVE-2022-36110 (HIGH, CVSS 8.8): Netmaker <0.15.1 - Privilege Escalation
CVE-2022-1461 (MEDIUM, CVSS 6.5): OpenEMR < 6.1.0.1 - Insufficient Access Control for User Registration Settings
CVE-2022-1177 (MEDIUM, CVSS 4.3): OpenEMR < 6.1.0 - Insufficient Access Control for Patient Reports
CVE-2021-46747 (HIGH): AMD Secure Processor - Insufficient Granularity of Access Control in SMN Aperture Mapping
CVE-2021-31384 (HIGH, CVSS 7.2): Juniper Junos OS SRX Series 20.4R1-20.4R3, 21.1-21.1R1 - Unauthenticated J-Web Access Bypass