CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

593 vulnerabilities with CWE-345
CVE-2022-39199 MEDIUM
immudb < 1.4.1 - Insufficient Verification of Data Authenticity via Server UUID Spoofing
CVSS 5.8
CVE-2022-3703 HIGH
ETIC Telecom Remote Access Server Firmware < 4.5.0 - Insufficient Verification of Data Authenticity
CVSS 7.6
CVE-2022-0031 MEDIUM
Cortex XSOAR - Local Privilege Escalation via Insufficient Verification of Data Authenticity
CVSS 6.7
CVE-2022-27513 HIGH
Citrix Gateway and Application Delivery Controller Firmware 12.1 - Remote Desktop Takeover via Phishing
CVSS 8.3
CVE-2022-26122 MEDIUM
FortiClient/FortiMail/FortiOS AV <6.2.168 & <6.4.274 - Auth Bypass
CVSS 4.7
CVE-2022-34845 LOW
Robustel R1510 Firmware 3.1.16 and 3.3.0 - Arbitrary Firmware Update via sysupgrade Functionality
CVSS 2.7
CVE-2022-36360 HIGH
Siemens LOGO! 8 BM Firmware <8.3 - Insufficient Firmware Update Authenticity Verification
CVSS 7.5
CVE-2022-20396 MEDIUM
Android 12L 13 - Unauthenticated Bluetooth Discoverability Bypass via SettingsActivity
CVSS 5.5
CVE-2022-36130 CRITICAL
HashiCorp Boundary <0.10.1 - Privilege Escalation
CVSS 9.9
CVE-2022-38625 HIGH
Patlite NH-FB < 1.46 - Authenticated Firmware Validation Bypass via Firmware Upload
CVSS 8.8
CVE-2022-2255 HIGH
mod_wsgi < 4.9.3 - Unauthenticated Header Spoofing via X-Client-IP
CVSS 7.5
CVE-2022-2793 MEDIUM
Emerson Electric's Proficy Machine Edition <9.00 - Info Disclosure
CVSS 5.9
CVE-2022-2789 MEDIUM
Emerson Electric's Proficy Machine Edition < 9.0.0 - Insufficient Verification of Data Authenticity
CVSS 4.7
CVE-2022-28757 HIGH
Zoom Client for Meetings <5.11.6 - Privilege Escalation
CVSS 8.8
CVE-2022-30262 HIGH
Emerson ControlWave PAC and Micro Firmware < 2022-05-02 - Insufficient Firmware Integrity Verification
CVSS 7.8
CVE-2022-30264 CRITICAL
Emerson ROC/FloBoss RTU <2022-05-02 - Unauthenticated Arbitrary File Operations via ROC Opcode 203
CVSS 9.8
CVE-2022-37008 HIGH
Huawei EMUI - Insufficient Verification of Data Authenticity in Recovery Module
CVSS 7.5
CVE-2022-30315 CRITICAL
Honeywell Experion PKS Safety Manager <= 2022-05-06 - RCE via Safety Builder Protocol
CVSS 9.8
CVE-2022-30272 HIGH
Motorola ACE1000 RTU - Insufficient Firmware Integrity Verification
CVSS 7.2
CVE-2022-30269 HIGH
Motorola ACE1000 RTUs through 2022-05-02 - Insufficient Verification of Data Authenticity
CVSS 8.8
CVE-2022-30273 CRITICAL
Motorola MDLC - Insufficient Verification of Data Authenticity in Legacy Encryption Mode
CVSS 9.8
CVE-2022-29958 CRITICAL
JTEKT TOYOPUC PLCs through 2022-04-29 - Unauthenticated Arbitrary Code Execution via CMPLink/TCP Protocol
CVSS 9.8
CVE-2022-28370 HIGH
Verizon 5G Home LVSKIHP ODU 3.33.101.0 - Code Injection
CVSS 7.5
CVE-2022-34763 MEDIUM
Schneider Electric OPC UA Module for M580 <1.10 & X80 Advanced RTU >=2.01 - Data Authenticity Verification Bypass
CVSS 5.9
CVE-2022-31598 MEDIUM
SAP Business Objects <420 - Info Disclosure
CVSS 5.4