CWE-1220

Insufficient Granularity of Access Control

Parent: CWE-284 - Improper Access Control

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

79 vulnerabilities with CWE-1220
CVE-2022-36110 HIGH
Netmaker <0.15.1 - Privilege Escalation
CVSS 8.8
CVE-2022-1461 MEDIUM
Open-emr Openemr < 6.1.0.1 - IDOR
CVSS 6.5
CVE-2022-1177 MEDIUM
Open-emr Openemr < 6.1.0 - Incorrect Authorization
CVSS 4.3
CVE-2021-31384 HIGH
Juniper Junos - Missing Authorization
CVSS 7.2
Details
Vulnerabilities 79
Links
MITRE CWE Entry Search this CWE With Exploits