CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

593 vulnerabilities with CWE-345
CVE-2022-20829 CRITICAL
Cisco ASA and ASDM - Authenticated Arbitrary Code Execution via Malicious ASDM Image
CVSS 9.1
CVE-2022-31801 CRITICAL
Phoenix Contact Multiprog - Data Authenticity Bypass
CVSS 9.8
CVE-2022-31800 CRITICAL
Phoenix Contact ProConOS/ProConOS eCLR Firmware - Unauthenticated Remote Code Execution via Malicious Logic Upload
CVSS 9.8
CVE-2022-32252 MEDIUM
SINEMA Remote Connect Server < 3.1 - Authenticated Privilege Escalation via Unverified Update Package
CVSS 6.5
CVE-2022-31813 CRITICAL
Apache HTTP Server < 2.4.54 - Insufficient Verification of Data Authenticity via X-Forwarded-* Headers
CVSS 9.8
CVE-2022-28385 MEDIUM
Verbatim drives < 2022-03-31 - Info Disclosure
CVSS 4.6
CVE-2022-29220 MEDIUM
github-action-merge-dependabot < 3.2.0 - Info Disclosure
CVSS 6.5
CVE-2022-24889 LOW
Nextcloud Server < 21.0.8 - Insufficient Verification of Data Authenticity
CVSS 2.4
CVE-2022-20795 MEDIUM
Cisco Adaptive Security Appliance and Firepower Threat Defense - Denial of Service via DTLS Tunnel Processing
CVSS 5.8
CVE-2022-26516 HIGH
Red Lion DA50N Firmware - Authenticated Insufficient Verification of Data Authenticity via Web Update Interface
CVSS 8.4
CVE-2022-20774 MEDIUM
Cisco IP Phone 6800, 7800, and 8800 Series Multiplatform Firmware < 11.3.5 - Cross-Site Request Forgery
CVSS 6.8
CVE-2022-26871 CRITICAL KEV
Trend Micro Apex Central - Unauthenticated Arbitrary File Upload
CVSS 9.8
CVE-2022-0715 CRITICAL
APC Smart-UPS Family - Improper Authentication
CVSS 9.1
CVE-2022-25262 CRITICAL
JetBrains Hub < 2022.1.14434 - SAML Request Takeover via Insufficient Verification of Data Authenticity
CVSS 9.8
CVE-2022-22567 MEDIUM
Dell Alienware and G-Series Firmware - Authenticated BIOS Firmware Modification via Insufficient Verification
CVSS 4.7
CVE-2022-22994 HIGH
Western Digital My Cloud OS < 5.19.117 - Remote Code Execution via Unsecured HTTP Call
CVSS 8.8
CVE-2021-26403 MEDIUM
AMD EPYC 7001 Series Firmware - Insufficient Verification of Data Authenticity
CVSS 6.5
CVE-2021-26396 MEDIUM
AMD EPYC 7003 Firmware < milanpi-sp3_1.0.0.9 - Memory Integrity Loss via ASP Address Mapping
CVSS 4.4
CVE-2021-4226 CRITICAL
RSFirewall! < 1.1.25 - IP Address Spoofing via HTTP Header Manipulation
CVSS 9.8
CVE-2021-4122 MEDIUM
cryptsetup < 2.3.7 - Insufficient Verification of Data Authenticity in LUKS Header
CVSS 4.3
CVE-2021-26368 MEDIUM
AMD Ryzen 3/5/5300/5600/5700/5800/5900/5950 Firmware - Denial of Service via Trusted OS Process Type Check Bypass
CVSS 4.4
CVE-2021-27759 LOW
HCLTech BigFix Inventory 9.0 through 10.0.7.0 - Cross-Site Request Forgery
CVSS 2.3
CVE-2021-26625 HIGH
Nexacro 17.0.0-17.1.3.700 - Arbitrary File Download and Execute via Automatic Update Function
CVSS 8.8
CVE-2021-4031 HIGH
Syltek < 10.22.00 - Insufficient Verification of Data Authenticity in Payment System
CVSS 7.5
CVE-2021-39689 MEDIUM
Android - Local Privilege Escalation via Logic Error in odsign_main.cpp
CVSS 6.7