Description
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
CVE vulnerabilities with CWE-1220 (94)
9.8
CVSS
CRITICAL
CVE-2025-31201
pub. 2025-04-16🚩 CISA KEV⚡ EXPLOIT
9.8
CVSS
CRITICAL
CVE-2022-2475
pub. 2022-10-28
9.6
CVSS
CRITICAL
CVE-2026-6356
pub. 2026-04-22
9.1
CVSS
CRITICAL
CVE-2026-6388
pub. 2026-04-15
9.1
CVSS
CRITICAL
CVE-2025-7493
pub. 2025-09-30
9.1
CVSS
CRITICAL
CVE-2025-4404
pub. 2025-06-17
9.0
CVSS
CRITICAL
CVE-2026-2651
pub. 2026-05-25
8.8
CVSS
HIGH
CVE-2026-35436
pub. 2026-05-12
8.8
CVSS
HIGH
CVE-2026-40365
pub. 2026-05-12
8.8
CVSS
HIGH
CVE-2025-29987
pub. 2025-04-03
8.8
CVSS
HIGH
CVE-2023-40070
pub. 2024-05-16
8.8
CVSS
HIGH
CVE-2023-45217
pub. 2024-05-16
8.8
CVSS
HIGH
CVE-2022-36110
pub. 2022-09-09
8.6
CVSS
HIGH
CVE-2024-21962
pub. 2026-05-15
8.2
CVSS
HIGH
CVE-2026-41326
pub. 2026-04-24
8.2
CVSS
HIGH
CVE-2026-39363
pub. 2026-04-07
8.2
CVSS
HIGH
CVE-2025-3648
pub. 2025-07-08
8.2
CVSS
HIGH
CVE-2024-52799
pub. 2024-11-21
8.1
CVSS
HIGH
CVE-2024-5389
pub. 2024-06-09
8.1
CVSS
HIGH
CVE-2023-33127
pub. 2023-07-11
Showing 20 of 94 vulnerabilities