
CWE-345 (Insufficient Verification of Data Authenticity) — Vulnerability Class 226

226 vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity). AI Chinese analysis included.

CWE-345 represents a critical integrity weakness where software fails to adequately verify the origin or authenticity of incoming data, leading to the acceptance of invalid or malicious inputs. Attackers typically exploit this vulnerability by injecting spoofed or tampered information, tricking the application into processing untrusted sources as legitimate. This can result in severe consequences, including data corruption, unauthorized access, or system compromise, as the software blindly trusts the manipulated payload. To mitigate this risk, developers must implement robust cryptographic verification mechanisms, such as digital signatures or message authentication codes, to ensure data integrity. Additionally, strict input validation and secure communication protocols like TLS should be employed to authenticate data sources. By rigorously validating the provenance of all external inputs, organizations can prevent attackers from exploiting trust assumptions and maintain the overall security posture of their systems against integrity-based attacks.

MITRE CWE Description
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Common Consequences (1)
Scope: Integrity, Other; Impact: Varies by Context, Unexpected State
Examples (1)
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-3174 | Cisco NX-OS Software Anycast Gateway Invalid ARP Vulnerability — Cisco NX-OS Software 7.3(2)D1(1d) | 8.2 | - | 2020-02-26 |
| CVE-2019-12620 | Cisco HyperFlex Software Counter Value Injection Vulnerability — Cisco HyperFlex HX-Series | 5.3 | - | 2019-09-18 |
| CVE-2019-10181 | icedtea-web Data Forgery Vulnerability — icedtea-web | 8.1 | - | 2019-07-31 |
| CVE-2019-1932 | Cisco Advanced Malware Protection for Endpoints Windows Command Injection Vulnerability — Cisco AMP for Endpoints | 6.7 | - | 2019-07-06 |
| CVE-2019-3875 | Red Hat Keycloak Trust Management Vulnerability — keycloak | 6.5 | - | 2019-06-12 |
| CVE-2019-10157 | Red Hat Keycloak Node.js adapter Authorization Vulnerability — keycloak | 5.5 | - | 2019-06-12 |
| CVE-2019-1880 | Cisco Unified Computing System BIOS Signature Bypass Vulnerability — Cisco Unified Computing System (Managed) | 4.4 | - | 2019-06-05 |
| CVE-2015-3956 | Multiple Hospira Products Security Vulnerability — Plum A+ Infusion System | 9.8 | - | 2019-03-25 |
| CVE-2019-1667 | Cisco HyperFlex Arbitrary Statistics Write Vulnerability — Cisco HyperFlex HX-Series | 3.3 | - | 2019-02-21 |
| CVE-2019-3807 | PowerDNS Recursor Trust Management Vulnerability — pdns-recursor | 9.8 | - | 2019-01-29 |
| CVE-2018-10626 | Medtronic MyCareLink 24950 Patient Monitor Insufficient Verification of Data Authenticity — 24950 MyCareLink Monitor | 4.4 | Medium | 2018-08-10 |
| CVE-2018-10894 | Red Hat Keycloak Security Vulnerability — keycloak | 8.1 | - | 2018-08-01 |
| CVE-2017-3198 | GIGABYTE BRIX UEFI firmware is not cryptographically signed — GB-BSi7H-6500 | 9.1 | - | 2018-07-09 |
| CVE-2017-2667 | Foreman Data Forgery Vulnerability — Hammer CLI | 8.1 | - | 2018-03-12 |
| CVE-2014-5406 | Hospira LifeCare PCA Infusion System — LifeCare PCA Infusion System | 9.1 | - | 2015-07-06 |
| CVE-2014-9194 | Arbiter Systems 1094B GPS Clock Insufficient Verification of Data Authenticity — Model 1094B GPS Substation Clock | 6.5 | - | 2015-01-17 |

Vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity) represent 226 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.