
CWE-345 (Insufficient Verification of Data Authenticity) — Vulnerability Class 227

227 vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity). AI Chinese analysis included.

CWE-345 represents a critical integrity weakness where software fails to adequately verify the origin or authenticity of incoming data, leading to the acceptance of invalid or malicious inputs. Attackers typically exploit this vulnerability by injecting spoofed or tampered information, tricking the application into processing untrusted sources as legitimate. This can result in severe consequences, including data corruption, unauthorized access, or system compromise, as the software blindly trusts the manipulated payload. To mitigate this risk, developers must implement robust cryptographic verification mechanisms, such as digital signatures or message authentication codes, to ensure data integrity. Additionally, strict input validation and secure communication protocols like TLS should be employed to authenticate data sources. By rigorously validating the provenance of all external inputs, organizations can prevent attackers from exploiting trust assumptions and maintain the overall security posture of their systems against integrity-based attacks.

MITRE CWE Description
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Common Consequences (1)
Integrity, Other: Varies by Context, Unexpected State
Examples (1)
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-26481 | Insufficient user check in FlowTokens by Email stage — authentik | 9.1 | Critical | 2023-03-04 |
| CVE-2023-21441 | SAMSUNG Mobile devices data forgery vulnerability — Routine | 7.4 | High | 2023-02-09 |
| CVE-2023-23941 | SwagPayPal payment not sent to PayPal correctly — SwagPayPal | 7.5 | High | 2023-02-03 |
| CVE-2023-22315 | Snap One Wattbox data forgery vulnerability — Wattbox WB-300-IP-3 | 6.7 | Medium | 2023-01-30 |
| CVE-2022-42267 | NVIDIA GPU Display Driver buffer error vulnerability — NVIDIA GPU Display Driver for Windows | 7.0 | High | 2022-12-30 |
| CVE-2022-23556 | CodeIgniter is vulnerable to IP address spoofing when using proxy — CodeIgniter4 | 7.0 | High | 2022-12-22 |
| CVE-2022-41960 | BigBlueButton contains DoS via failed authToken validation — bigbluebutton | 4.3 | Medium | 2022-12-15 |
| CVE-2022-39909 | SAMSUNG Gear IconX PC Manager data forgery vulnerability — Samsung Gear IconX PC Manager | 7.1 | High | 2022-12-08 |
| CVE-2022-23491 | Removal of TrustCor root certificate — python-certifi | 6.8 | Medium | 2022-12-07 |
| CVE-2022-41156 | OndiskPlayer Remote Code Execution Vulnerability — OndiskPlayerAgent | 7.8 | High | 2022-11-25 |
| CVE-2022-36111 | immudb has insufficient verification of data authenticity — immudb | 5.4 | Medium | 2022-11-23 |
| CVE-2022-39199 | Lack of proper validation in immudb — immudb | 5.8 | Medium | 2022-11-22 |
| CVE-2022-3703 | ETIC Telecom Remote Access Server Insufficient Verification of Data Authenticity — Remote Access Server (RAS) | 7.6 | High | 2022-11-10 |
| CVE-2022-0031 | Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine — Cortex XSOAR | 6.7 | Medium | 2022-11-09 |
| CVE-2022-27513 | Remote desktop takeover via phishing — Citrix Gateway, Citrix ADC | 8.3 | High | 2022-11-08 |
| CVE-2022-34845 | Robustel R1510 data forgery vulnerability — R1510 | 7.5 | - | 2022-10-25 |
| CVE-2022-36360 | Siemens LOGO! 8 BM data forgery vulnerability — LOGO! 8 BM (incl. SIPLUS variants) | 7.5 | - | 2022-10-11 |
| CVE-2021-4122 | cryptsetup data forgery vulnerability — cryptsetup | 4.3 | - | 2022-08-24 |
| CVE-2022-2789 | Emerson Proficy Machine Edition data forgery vulnerability — Proficy Machine Edition | 4.7 | Medium | 2022-08-19 |
| CVE-2022-28757 | Local Privilege Escalation in Auto Updater for Zoom Client for Meetings for macOS — Zoom Client for Meetings for MacOS | 8.8 | High | 2022-08-18 |
| CVE-2020-1755 | Moodle data forgery vulnerability — Moodle | 5.3 | - | 2022-08-16 |
| CVE-2022-34763 | Multiple Schneider Electric products data forgery vulnerability — OPC UA Modicon Communication Module | 5.9 | Medium | 2022-07-13 |
| CVE-2022-31598 | SAP Business Objects data forgery vulnerability — SAP Business Objects | 5.4 | - | 2022-07-12 |
| CVE-2015-5236 | icedtea-web data forgery vulnerability — Icedtea-web | 8.1 | - | 2022-07-07 |
| CVE-2022-20829 | Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 9.1 | Critical | 2022-06-24 |
| CVE-2022-31801 | Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool — MULTIPROG | 9.8 | Critical | 2022-06-21 |
| CVE-2022-31800 | Insufficient Verification of Data Vulnerability in PHOENIX CONTACT classic line industrial controllers — ILC 1x0 | 9.8 | Critical | 2022-06-21 |
| CVE-2022-32252 | Siemens SINEMA Remote Connect Server data forgery vulnerability — SINEMA Remote Connect Server | 6.5 | Medium | 2022-06-14 |
| CVE-2022-24889 | Insufficient Verification of Data Authenticity in Nextcloud Server — security-advisories | 2.4 | Low | 2022-04-27 |
| CVE-2022-20795 | Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Software AnyConnect SSL VPN Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 5.8 | Medium | 2022-04-21 |

Vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity) represent 227 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.