CWE-345 (Insufficient Verification of Data Authenticity) — Vulnerability Class 226

226 vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity). AI Chinese analysis included.

CWE-345 represents a critical integrity weakness where software fails to adequately verify the origin or authenticity of incoming data, leading to the acceptance of invalid or malicious inputs. Attackers typically exploit this vulnerability by injecting spoofed or tampered information, tricking the application into processing untrusted sources as legitimate. This can result in severe consequences, including data corruption, unauthorized access, or system compromise, as the software blindly trusts the manipulated payload. To mitigate this risk, developers must implement robust cryptographic verification mechanisms, such as digital signatures or message authentication codes, to ensure data integrity. Additionally, strict input validation and secure communication protocols like TLS should be employed to authenticate data sources. By rigorously validating the provenance of all external inputs, organizations can prevent attackers from exploiting trust assumptions and maintain the overall security posture of their systems against integrity-based attacks.

MITRE CWE Description
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Common Consequences (1)
Integrity, Other: Varies by Context, Unexpected State
Examples (1)
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-26625 | tobesoft Nexacro arbitrary file download vulnerability — Nexacro 17 | 8.8 | High | 2022-04-19 |
| CVE-2022-20774 | Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability — Cisco IP Phone 7800 Series with Multiplatform Firmware | 6.8 | Medium | 2022-04-06 |
| CVE-2021-4031 | Syltek Insufficient Verification of Data Authenticity — Syltek | 7.5 | High | 2022-03-18 |
| CVE-2021-24825 | Custom Content Shortcode < 4.0.2 - Authenticated Arbitrary File Access / LFI — Custom Content Shortcode | 4.3 | - | 2022-03-07 |
| CVE-2022-22567 | Dell Client Commercial data forgery vulnerability — CPG BIOS | 4.7 | Medium | 2022-02-09 |
| CVE-2022-22994 | Insufficient Verification of Data Authenticity Remote Code Execution Vulnerability on Western Digital My Cloud devices. — My Cloud | 8.8 | High | 2022-01-28 |
| CVE-2020-10137 | Silicon Labs 700 data forgery vulnerability — UZB-7 | 6.5 | - | 2022-01-09 |
| CVE-2021-26315 | AMD Platform Security Processor data forgery vulnerability — 3rd Gen AMD EPYC™ | 7.8 | - | 2021-11-16 |
| CVE-2021-41203 | Missing validation during checkpoint loading — tensorflow | 7.8 | High | 2021-11-05 |
| CVE-2021-41106 | File reference keys leads to incorrect hashes on HMAC algorithms — jwt | 4.4 | Medium | 2021-09-28 |
| CVE-2021-41087 | Improperly Implemented path matching for in-toto-golang — in-toto-golang | 5.6 | Medium | 2021-09-21 |
| CVE-2021-34572 | Insufficient Verification of Data Authenticity in Enbra EWM (replay attack) — EWM 1.7.29 | 6.5 | Medium | 2021-09-16 |
| CVE-2021-1586 | Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability — Cisco NX-OS System Software in ACI Mode | 8.6 | High | 2021-08-25 |
| CVE-2021-39158 | Dependency injection in NVCaffe — caffe | 8.8 | High | 2021-08-23 |
| CVE-2021-21588 | Dell EMC PowerFlex data forgery vulnerability — PowerFlex | 6.5 | Medium | 2021-07-12 |
| CVE-2021-33712 | Mendix SAML data forgery vulnerability — Mendix SAML Module | 8.8 | - | 2021-06-08 |
| CVE-2021-32665 | Verified groups not reliable — wire-ios | 8.8 | High | 2021-06-03 |
| CVE-2021-20267 | OpenStack data forgery vulnerability — openstack-neutron | 7.1 | - | 2021-05-28 |
| CVE-2021-20271 | Red Hat Package Manager data forgery vulnerability — rpm | 7.0 | - | 2021-03-26 |
| CVE-2021-1403 | Cisco IOS XE Software Web UI Cross-Site WebSocket Hijacking Vulnerability — Cisco IOS XE Software | 7.4 | High | 2021-03-24 |
| CVE-2021-21320 | User content sandbox can be confused into opening arbitrary documents — matrix-react-sdk | 2.6 | Low | 2021-03-02 |
| CVE-2020-15262 | Invalid integrity hashes in webpack-subresource-integrity — webpack-subresource-integrity | 3.7 | Low | 2020-10-19 |
| CVE-2019-16000 | Cisco Umbrella Roaming Client for Windows Install Vulnerability — Cisco Umbrella Enterprise Roaming Client for Windows | 6.0 | - | 2020-09-23 |
| CVE-2019-16007 | Cisco AnyConnect Secure Mobility Client for Android Service Hijack Vulnerability — Cisco AnyConnect Secure Mobility Client | 7.1 | - | 2020-09-23 |
| CVE-2020-13178 | Teradici PCoIP Standard Agent and Graphics Agent data forgery vulnerability — PCoIP Standard Agent for Windows; PCoIP Graphics Agent for Windows | 6.7 | - | 2020-08-11 |
| CVE-2020-11985 | Apache HTTP Server data forgery vulnerability — Apache HTTP Server | 5.3 | - | 2020-08-07 |
| CVE-2020-3220 | Cisco IOS XE Software IPsec VPN Denial of Service Vulnerability — Cisco IOS XE Software 16.4.1 | 5.9 | - | 2020-06-03 |
| CVE-2020-7487 | Multiple Schneider Electric products data forgery vulnerability — EcoStruxure Machine Expert (all versions); SoMachine, SoMachine Motion (all versions); Modicon M218 Logic Controller (all versions); Modicon M241 Logic Controller (all versions); Modicon M251 Logic Controller (all versions); Modicon M258 Logic Controller (all versions) | 9.8 | - | 2020-04-22 |
| CVE-2019-18905 | Deprecated functionality in autoyast2 automatically imports gpg keys without checking them — SUSE Linux Enterprise Server 12 | 4.8 | Medium | 2020-04-03 |
| CVE-2019-17636 | Eclipse Theia data forgery vulnerability — Eclipse Theia | 9.1 | - | 2020-03-10 |

Vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity) represent 226 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.