
CWE-345 (Insufficient Verification of Data Authenticity) — Vulnerability Class, 226 CVEs

226 vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity). AI-generated Chinese analysis included.

CWE-345 is an integrity weakness in which software fails to adequately verify the origin or authenticity of incoming data and therefore accepts invalid or malicious input. Attackers typically exploit it by supplying spoofed or tampered data that the application treats as coming from a legitimate source. Because the software trusts the manipulated payload without checking its provenance, the consequences can be severe: data corruption, unauthorized access, or full system compromise. Mitigation relies on cryptographic verification of the data's origin and integrity, such as digital signatures or message authentication codes, combined with strict input validation and authenticated transport (for example TLS) so that the data source itself is verified. Rigorously validating the provenance of every external input removes the trust assumptions these attacks depend on and preserves the system's integrity guarantees.

MITRE CWE Description

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Common Consequences (1)

Scope: Integrity, Other
Impact: Varies by Context, Unexpected State

Examples (1)

In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-45410 | HTTP client can remove the X-Forwarded headers in Traefik | traefik | 9.8 | Critical | 2024-09-19 |
| CVE-2024-25584 | Dovecot security vulnerability | OX Dovecot Pro | 5.3 | Medium | 2024-09-06 |
| CVE-2024-37968 | Windows DNS Spoofing Vulnerability | Windows Server 2019 | 7.5 | High | 2024-08-13 |
| CVE-2024-38198 | Windows Print Spooler Elevation of Privilege Vulnerability | Windows 10 Version 1809 | 7.5 | High | 2024-08-13 |
| CVE-2024-25638 | DNSJava DNSSEC Bypass | dnsjava | 8.9 | High | 2024-07-22 |
| CVE-2024-40644 | gitoxide's gix-path can use a fake program files location | gitoxide | 6.8 | Medium | 2024-07-18 |
| CVE-2024-39689 | Certifi removes GLOBALTRUST root certificate | python-certifi | 7.5 | High | 2024-07-05 |
| CVE-2024-5684 | ID Charger Connect & Pro - JWT-Null-Algorithm | ID Charger Connect & Pro | 6.3 | Medium | 2024-06-06 |
| CVE-2024-3049 | Booth: specially crafted hash can lead to invalid hmac being accepted by booth server | - | 5.9 | Medium | 2024-06-06 |
| CVE-2024-2382 | Authorize.net Payment Gateway For WooCommerce <= 8.0 - Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass | Authorize.net Payment Gateway For WooCommerce | 5.3 | Medium | 2024-06-04 |
| CVE-2024-1718 | Claudio Sanches – Checkout Cielo for WooCommerce <= 1.1.0 - Insufficient Verification of Data Authenticity to Order Payment Status Update | Claudio Sanches – Checkout Cielo for WooCommerce | 5.3 | Medium | 2024-06-04 |
| CVE-2024-23601 | AutomationDirect P3-550E security vulnerability | P3-550E | 9.8 | Critical | 2024-05-28 |
| CVE-2024-31341 | WordPress User Profile Builder plugin <= 3.11.2 - Bypass Vulnerability vulnerability | Profile Builder | 5.3 | Medium | 2024-05-17 |
| CVE-2023-6323 | ThroughTek Kalay SDK insufficient verification of message authenticity | Kalay SDK | 4.3 | Medium | 2024-05-15 |
| CVE-2024-35175 | sshpiper's Enabling of Proxy Protocol without proper feature flagging allows faking source address | sshpiper | 5.3 | Medium | 2024-05-14 |
| CVE-2023-45586 | Fortinet FortiOS data forgery vulnerability | FortiProxy | 4.7 | Medium | 2024-05-14 |
| CVE-2024-33494 | Siemens multiple products data forgery vulnerability | SIMATIC RTLS Locating Manager | 6.5 | Medium | 2024-05-14 |
| CVE-2024-34354 | CMSaasStarter: JWT Token Not Verified on Server Session | CMSaasStarter | 6.5 | Medium | 2024-05-09 |
| CVE-2023-27360 | NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability | RAX30 | 8.8 | - | 2024-05-03 |
| CVE-2023-6236 | Eap: oidc app attempting to access the second tenant, the user should be prompted to log | Red Hat JBoss Enterprise Application Platform 8 | 7.3 | High | 2024-04-10 |
| CVE-2024-30250 | In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists | astro-shield | 7.5 | High | 2024-04-04 |
| CVE-2024-2384 | WooCommerce POS <= 1.4.11 - Insufficient Verification of Data Authenticity to Authenticated (Customer+) Information Disclosure | WCPOS – Point of Sale (POS) plugin for WooCommerce | 4.3 | Medium | 2024-03-20 |
| CVE-2024-28251 | Cross-site websocket hijacking in Querybook | querybook | 5.6 | Medium | 2024-03-13 |
| CVE-2024-1321 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment Bypass | EventPrime – Events Calendar, Bookings and Tickets | 5.3 | Medium | 2024-03-13 |
| CVE-2024-27305 | SMTP smuggling in aiosmtpd | aiosmtpd | 5.3 | Medium | 2024-03-12 |
| CVE-2023-32329 | IBM Security Access Manager Container improper file validation | Security Verify Access Appliance | 6.2 | Medium | 2024-02-03 |
| CVE-2023-52109 | Huawei HarmonyOS security vulnerability | HarmonyOS | 7.5 | High | 2024-01-16 |
| CVE-2023-44402 | ASAR Integrity bypass via filetype confusion in electron | electron | 6.1 | Medium | 2023-12-01 |
| CVE-2023-49087 | Validation of SignedInfo | xml-security | 6.8 | Medium | 2023-11-30 |
| CVE-2023-48238 | JWT Algorithm Confusion in json-web-token library | json-web-token | 7.5 | High | 2023-11-17 |

Vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity) account for 226 CVEs. The CWE taxonomy describes the weakness class; review the individual CVEs for product-specific impact.