CWE · MITRE source
CWE-330Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (1)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
SC-12 | Cryptographic Key Establishment and Management | SC | Key generation under controlled management uses approved random-bit sources rather than insufficiently random values. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2019-5420 | 7.6 | 9.8 | 0.9375 | 2019-03-27 |
CVE-2008-0087 | 4.8 | 7.5 | 0.5574 | 2008-04-08 |
CVE-2022-36536 | 4.8 | 9.8 | 0.4801 | 2022-09-16 |
CVE-2018-17888 | 4.4 | 9.8 | 0.4073 | 2018-10-12 |
CVE-2020-11901 | 3.5 | 9.0 | 0.2901 | 2020-06-17 |
CVE-2021-34646 | 3.3 | 9.8 | 0.2251 | 2021-08-30 |
CVE-2017-6026 | 2.9 | 9.1 | 0.1857 | 2017-06-30 |
CVE-2008-2433 | 2.7 | 9.8 | 0.1231 | 2008-08-27 |
CVE-2021-40422 | 2.7 | 10.0 | 0.1104 | 2022-04-14 |
CVE-2023-29332 | 2.4 | 7.5 | 0.1461 | 2023-09-12 |
CVE-2019-9898 | 2.2 | 9.8 | 0.0429 | 2019-03-21 |
CVE-2019-7667 | 2.2 | 9.8 | 0.0365 | 2019-07-01 |
CVE-2019-15130 | 2.2 | 9.8 | 0.0336 | 2019-08-18 |
CVE-2020-11501 | 2.2 | 7.4 | 0.1149 | 2020-04-03 |
CVE-2008-3612 | 2.1 | 9.8 | 0.0252 | 2008-09-11 |
CVE-2017-16924 | 2.1 | 9.8 | 0.0173 | 2018-02-19 |
CVE-2021-27200 | 2.1 | 9.8 | 0.0305 | 2021-06-11 |
CVE-2022-25752 | 2.1 | 9.8 | 0.0311 | 2022-04-12 |
CVE-2022-46353 | 2.1 | 9.8 | 0.0199 | 2022-12-13 |
CVE-2016-5100 | 2.0 | 9.8 | 0.0029 | 2017-02-13 |
CVE-2017-7902 | 2.0 | 9.8 | 0.0004 | 2017-06-30 |
CVE-2017-7905 | 2.0 | 9.8 | 0.0020 | 2017-06-30 |
CVE-2017-17091 | 2.0 | 8.8 | 0.0448 | 2017-12-02 |
CVE-2018-16239 | 2.0 | 9.8 | 0.0042 | 2018-08-30 |
CVE-2018-18375 | 2.0 | 9.8 | 0.0034 | 2018-10-16 |