CWE · MITRE source
CWE-345: Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (9) · AI
Showing the 7 most specific. Generic controls that address many weakness types are collapsed below.
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SC-17 | Public Key Infrastructure Certificates | SC | Use of approved PKI certificates provides verifiable data authenticity and origin for communications and artifacts. |
| SC-20 | Secure Name/Address Resolution Service (Authoritative Source) | SC | Mandates provision of authenticity and integrity artifacts that enable verification of name/address resolution data. |
| SC-21 | Secure Name/Address Resolution Service (Recursive or Caching Resolver) | SC | Requires explicit verification of data authenticity from authoritative sources, preventing acceptance of unauthenticated resolution responses. |
| SR-4 | Provenance | SR | Provenance documentation and monitoring directly enables verification of authenticity for components and data throughout their history. |
| SR-9 | Tamper Resistance and Detection | SR | The control implements verification mechanisms that detect tampering by ensuring data authenticity. |
| PT-8 | Computer Matching Requirements | PT | Directly requires independent verification of matching output before adverse decisions, mitigating insufficient authenticity checks on data from external sources. |
| SI-7 | Software, Firmware, and Information Integrity | SI | Mandates verification of data authenticity for software, firmware, and information. |
Broadly-applicable controls (2):
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SC-33 | Transmission Preparation Integrity | SC | Control requires verification of data authenticity/integrity (e.g., checksums) after aggregation/packing, directly reducing exploitation of insufficient verification before transmission. |
| SC-45 | System Time Synchronization | SC | Time synchronization supports reliable freshness verification when checking data authenticity across systems or components. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2023-38831 KEV | 9.2 | 7.8 | 0.9386 | 2023-08-23 |
| CVE-2016-4553 | 6.7 | 8.6 | 0.8284 | 2016-05-10 |
| CVE-2016-4554 | 5.9 | 8.6 | 0.6886 | 2016-05-10 |
| CVE-2022-26871 KEV | 5.1 | 9.8 | 0.1944 | 2022-03-29 |
| CVE-2024-39689 | 2.8 | 7.5 | 0.2123 | 2024-07-05 |
| CVE-2024-45410 | 2.8 | 9.8 | 0.1395 | 2024-09-19 |
| CVE-2023-51764 | 2.7 | 5.3 | 0.2706 | 2023-12-24 |
| CVE-2023-5482 | 2.6 | 8.8 | 0.1386 | 2023-11-01 |
| CVE-2021-37421 | 2.5 | 9.8 | 0.0891 | 2021-08-30 |
| CVE-2019-11235 | 2.2 | 9.8 | 0.0340 | 2019-04-22 |
| CVE-2019-5161 | 2.1 | 9.1 | 0.0490 | 2020-03-11 |
| CVE-2022-31800 | 2.1 | 9.8 | 0.0157 | 2022-06-21 |
| CVE-2022-20829 | 2.1 | 9.1 | 0.0490 | 2022-06-24 |
| CVE-2023-4699 | 2.1 | 10.0 | 0.0091 | 2023-11-06 |
| CVE-2017-11103 | 2.0 | 8.1 | 0.0571 | 2017-07-13 |
| CVE-2017-3198 | 2.0 | 9.8 | 0.0021 | 2018-07-09 |
| CVE-2015-3956 | 2.0 | 9.8 | 0.0018 | 2019-03-25 |
| CVE-2018-19971 | 2.0 | 9.8 | 0.0058 | 2019-04-16 |
| CVE-2019-6695 | 2.0 | 9.8 | 0.0026 | 2019-08-23 |
| CVE-2019-18835 | 2.0 | 9.8 | 0.0016 | 2019-11-08 |
| CVE-2019-2289 | 2.0 | 9.8 | 0.0005 | 2019-11-21 |
| CVE-2013-2167 | 2.0 | 9.8 | 0.0083 | 2019-12-10 |
| CVE-2019-5613 | 2.0 | 9.8 | 0.0022 | 2020-02-18 |
| CVE-2016-1000004 | 2.0 | 9.8 | 0.0019 | 2020-02-19 |
| CVE-2019-20530 | 2.0 | 9.8 | 0.0007 | 2020-03-24 |