ByteOS Network

Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context.

Vendor-haascnc Haas

Product-haas_controller haas_controller_firmware Haas CNC Controller

CWE ID-CWE-1220

Insufficient Granularity of Access Control

CVE-2022-36110

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-8.8||HIGH

EPSS-0.10% / 28.44%

7 Day CHG~0.00%

Published-09 Sep, 2022 | 19:15

Updated-23 Apr, 2025 | 17:12

Netmaker vulnerable to Insufficient Granularity of Access Control

Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1.

Vendor-gravitl gravitl

Product-netmaker netmaker

CWE ID-CWE-1220

Insufficient Granularity of Access Control

CWE ID-CWE-285

Improper Authorization

CVE-2022-1461

Assigner-Protect AI (formerly huntr.dev)

View Details

Assigner-Protect AI (formerly huntr.dev)

CVSS Score-8.1||HIGH

EPSS-1.65% / 81.24%

7 Day CHG~0.00%

Published-25 Apr, 2022 | 10:15

Updated-03 Aug, 2024 | 00:03

Non Privilege User can Enable or Disable Registered in openemr/openemr

Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.

Vendor-OpenEMR Foundation, Inc

Product-openemr openemr/openemr

CWE ID-CWE-1220

Insufficient Granularity of Access Control

CWE ID-CWE-639

Authorization Bypass Through User-Controlled Key

CVE-2022-1177

Assigner-Protect AI (formerly huntr.dev)

View Details

Assigner-Protect AI (formerly huntr.dev)

CVSS Score-6.5||MEDIUM

EPSS-3.31% / 86.72%

7 Day CHG~0.00%

Published-30 Mar, 2022 | 11:00

Updated-02 Aug, 2024 | 23:55

Accounting User Can Download Patient Reports in openemr in openemr/openemr

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.

Vendor-OpenEMR Foundation, Inc

Product-openemr openemr/openemr

CWE ID-CWE-1220

Insufficient Granularity of Access Control

CWE ID-CWE-863

Incorrect Authorization

CVE-2021-31384

Assigner-Juniper Networks, Inc.

View Details

Assigner-Juniper Networks, Inc.

CVSS Score-7.2||HIGH

EPSS-0.36% / 57.73%

7 Day CHG~0.00%

Published-19 Oct, 2021 | 18:17

Updated-16 Sep, 2024 | 17:37

Junos OS: SRX Series: Under a specific device configuration an attacker can access the devices J-Web management services from any interface, regardless of security settings protecting the service

Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. This issue affects: Juniper Networks Junos OS SRX Series 20.4 version 20.4R1 and later versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

Vendor-Juniper Networks, Inc.

Product-srx5400 srx5800 srx4200 srx550 srx300 srx5600 junos srx4100 srx4600 srx1500 Junos OS

CWE ID-CWE-862

Missing Authorization

CWE ID-CWE-285

Improper Authorization

CWE ID-CWE-551

Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

CWE ID-CWE-1220

Insufficient Granularity of Access Control

CWE ID-CWE-939

Improper Authorization in Handler for Custom URL Scheme