CWE-345 (Insufficient Verification of Data Authenticity) — Vulnerability Class 226

226 vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity). AI Chinese analysis included.

CWE-345 represents a critical integrity weakness where software fails to adequately verify the origin or authenticity of incoming data, leading to the acceptance of invalid or malicious inputs. Attackers typically exploit this vulnerability by injecting spoofed or tampered information, tricking the application into processing untrusted sources as legitimate. This can result in severe consequences, including data corruption, unauthorized access, or system compromise, as the software blindly trusts the manipulated payload. To mitigate this risk, developers must implement robust cryptographic verification mechanisms, such as digital signatures or message authentication codes, to ensure data integrity. Additionally, strict input validation and secure communication protocols like TLS should be employed to authenticate data sources. By rigorously validating the provenance of all external inputs, organizations can prevent attackers from exploiting trust assumptions and maintain the overall security posture of their systems against integrity-based attacks.

MITRE CWE Description
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Common Consequences (1)
Integrity, Other: Varies by Context, Unexpected State
Examples (1)
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-47631 | vantage6 Node accepts non-whitelisted algorithms from malicious server — vantage6 | 7.2 | High | 2023-11-14 |
| CVE-2023-47630 | Attacker can cause Kyverno user to unintentionally consume insecure image — kyverno | 7.1 | High | 2023-11-14 |
| CVE-2023-42816 | Denial of service from malicious signature in kyverno — kyverno | 6.1 | Medium | 2023-11-13 |
| CVE-2023-41896 | Fake websocket server installation permits full takeover in Home Assistant Core — core | 7.1 | High | 2023-10-19 |
| CVE-2023-41898 | Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android — core | 8.6 | High | 2023-10-19 |
| CVE-2023-43800 | Insufficient Verification of Data Authenticity in Arduino Create Agent — arduino-create-agent | 7.3 | High | 2023-10-18 |
| CVE-2023-43666 | Apache InLong: General user Unauthorized access User Management — Apache InLong | 6.5 | - | 2023-10-16 |
| CVE-2023-42782 | Fortinet FortiAnalyzer data forgery vulnerability — FortiAnalyzer | 5.0 | Medium | 2023-10-10 |
| CVE-2023-5450 | BIG-IP Edge Client for macOS vulnerability — BIG-IP Edge Client | 7.3 | High | 2023-10-10 |
| CVE-2023-5366 | Openvswitch don't match packets on nd_target field — openvswitch | 7.1 | High | 2023-10-06 |
| CVE-2023-39347 | Cilium NetworkPolicy bypass via pod labels — cilium | 7.6 | High | 2023-09-26 |
| CVE-2023-43636 | Rootfs Not Protected — EVE OS | 8.8 | High | 2023-09-20 |
| CVE-2023-4589 | Insufficient verification of data authenticity vulnerability in Delinea Secret Server — Secret Server | 9.1 | Critical | 2023-09-06 |
| CVE-2023-35719 | ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability — ADSelfService Plus | 6.8 | - | 2023-09-06 |
| CVE-2023-41045 | Insecure source port usage for DNS queries in Graylog — graylog2-server | 3.7 | Low | 2023-08-31 |
| CVE-2023-36541 | Zoom Client data forgery vulnerability — Zoom Desktop Client for Windows | 8.0 | High | 2023-08-08 |
| CVE-2023-36858 | BIG-IP Edge Client for Windows and macOS vulnerability — BIG-IP Edge Client | 7.1 | High | 2023-08-02 |
| CVE-2023-37920 | Certifi's removal of e-Tugra root certificate — python-certifi | 7.5 | High | 2023-07-25 |
| CVE-2023-30562 | Lack of Dataset Integrity Checking — BD Alaris™ Guardrails™ Editor | 3.0 | Low | 2023-07-13 |
| CVE-2023-25178 | Controller design flaw - unsigned firmware — C300 | 9.8 | Critical | 2023-07-13 |
| CVE-2023-37264 | Pipelines do not validate child UIDs — pipeline | 3.7 | Low | 2023-07-07 |
| CVE-2023-3325 | CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature — CMS Commander – Manage Multiple Sites | 8.1 | High | 2023-06-20 |
| CVE-2023-2987 | Wordapp <= 1.6.0 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature — Wordapp | 9.8 | Critical | 2023-05-31 |
| CVE-2023-26467 | Pegasystem PEGA Platform data forgery vulnerability — RPA: Synchronization Engine | 5.4 | - | 2023-04-10 |
| CVE-2022-48431 | JetBrains IntelliJ IDEA data forgery vulnerability — IntelliJ IDEA | 4.5 | Medium | 2023-03-29 |
| CVE-2023-27977 | Schneider Electric IGSS Data Server data forgery vulnerability — IGSS Data Server(IGSSdataServer.exe) | 6.5 | Medium | 2023-03-21 |
| CVE-2023-27979 | Schneider Electric IGSS Data Server data forgery vulnerability — IGSS Data Server(IGSSdataServer.exe) | 6.5 | Medium | 2023-03-21 |
| CVE-2023-27982 | Schneider Electric IGSS Data Server data forgery vulnerability — IGSS Data Server(IGSSdataServer.exe) | 8.8 | High | 2023-03-21 |
| CVE-2017-20180 | Zerocoin libzerocoin Proof CoinSpend.cpp CoinSpend data authenticity — libzerocoin | 4.6 | Medium | 2023-03-06 |
| CVE-2023-26481 | Insufficient user check in FlowTokens by Email stage — authentik | 9.1 | Critical | 2023-03-04 |

Vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity) represent 226 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.