ClassDraft

CWE-345Insufficient Verification of Data Authenticity

Category: auth

Description

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Common consequences· 1

  • Integrity / Other — Varies by Context, Unexpected State

Related CAPEC attack patterns· 12

CAPEC-111CAPEC-141CAPEC-142CAPEC-148CAPEC-218CAPEC-384CAPEC-385CAPEC-386CAPEC-387CAPEC-388CAPEC-665CAPEC-701

References

  1. https://cwe.mitre.org/data/definitions/345.html

Exploits (incoming)12

TypeTargetConfidenceTier
AttackPatternApplication API Navigation Remappingcapec-386100%live
AttackPatternCache Poisoningcapec-141100%live
AttackPatternTransaction or Event Tampering via Application API Manipulationcapec-385100%live
AttackPatternNavigation Remapping To Propagate Malicious Contentcapec-387100%live
AttackPatternDNS Cache Poisoningcapec-142100%live
AttackPatternBrowser in the Middle (BiTM)capec-701100%live
AttackPatternExploitation of Thunderbolt Protection Flawscapec-665100%live
AttackPatternSpoofing of UDDI/ebXML Messagescapec-218100%live
AttackPatternJSON Hijacking (aka JavaScript Hijacking)capec-111100%live
AttackPatternContent Spoofingcapec-148100%live
AttackPatternApplication API Button Hijackingcapec-388100%live
AttackPatternApplication API Message Manipulation via Man-in-the-Middlecapec-384100%live

Compliance frameworks addressing this (incoming)2

TypeTargetConfidenceTier
ComplianceControldora-art12100%live
ComplianceControlowasp_llm_top10-llm04100%live

(incoming)51

TypeTargetConfidenceTier
VulnerabilityCVE-2025-1108cve-2025-11080%live
VulnerabilityCVE-2025-12295cve-2025-122950%live
VulnerabilityCVE-2025-15385cve-2025-153850%live
VulnerabilityCVE-2025-1945cve-2025-19450%live
VulnerabilityCVE-2025-24903cve-2025-249030%live
VulnerabilityCVE-2025-27558cve-2025-275580%live
VulnerabilityCVE-2025-27616cve-2025-276160%live
VulnerabilityCVE-2025-27680cve-2025-276800%live
VulnerabilityCVE-2025-43865cve-2025-438650%live
VulnerabilityCVE-2025-48865cve-2025-488650%live
VulnerabilityCVE-2025-49199cve-2025-491990%live
VulnerabilityCVE-2025-59934cve-2025-599340%live
VulnerabilityCVE-2025-59951cve-2025-599510%live
VulnerabilityCVE-2025-6426cve-2025-64260%live
VulnerabilityCVE-2025-6504cve-2025-65040%live
VulnerabilityCVE-2025-66225cve-2025-662250%live
VulnerabilityCVE-2025-66255cve-2025-662550%live
VulnerabilityCVE-2025-66570cve-2025-665700%live
VulnerabilityCVE-2025-67298cve-2025-672980%live
VulnerabilityCVE-2025-7096cve-2025-70960%live
VulnerabilityCVE-2025-71057cve-2025-710570%live
VulnerabilityCVE-2025-8038cve-2025-80380%live
VulnerabilityCVE-2025-8978cve-2025-89780%live
VulnerabilityCVE-2026-23966cve-2026-239660%live
VulnerabilityCVE-2026-24772cve-2026-247720%live
VulnerabilityCVE-2026-25921cve-2026-259210%live
VulnerabilityCVE-2026-27510cve-2026-275100%live
VulnerabilityCVE-2026-27804cve-2026-278040%live
VulnerabilityCVE-2026-2836cve-2026-28360%live
VulnerabilityCVE-2026-28454cve-2026-284540%live

Showing top 30 of 51 by confidence. Click any target to see the full neighbourhood.

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Improper Verification of Cryptographic Signature
CWE
Improper Input Validation
CWE
Improperly Implemented Security Check for Standard
CWE
Deserialization of Untrusted Data
CWE
Use of Insufficiently Random Values
CWE
Improper Certificate Validation
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.