CWE•Base•Incomplete•12 recent CVEs
CWE-1220: Insufficient Granularity of Access Control
Description
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
Common consequences
- Confidentiality, Integrity, Availability, Access Control → Modify Memory, Read Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mec
Potential mitigations
- Architecture and Design, Implementation, Testing
Related CWEs
Recent CVEs classified under this CWE
- CVE-2026-9088 • 2.7 • 2026-06-05
- CVE-2021-46747 • 2026-06-01
- CVE-2026-37981 • 4.3 • 2026-05-19
- CVE-2024-21962 • 2026-05-15
- CVE-2026-40365 • 8.8 • 2026-05-12
- CVE-2026-35436 • 8.8 • 2026-05-12
- CVE-2026-40690 • 4.3 • 2026-04-24
- CVE-2026-38743 • 4.3 • 2026-04-24
- CVE-2026-6356 • 9.6 • 2026-04-22
- CVE-2026-33825 • 7.8 • 2026-04-14
- CVE-2025-20628 • 2026-04-07
- CVE-2022-36110 • 8.8 • 2022-09-09