Cyber Posture


CWE-353: Missing Support for Integrity Check

Abstraction: Base · CVEs in our corpus: 37

The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

If integrity check values or "checksums" are omitted from a protocol, there is no way of determining if data has been corrupted in transmission. The lack of checksum functionality in a protocol removes the first application-level check of data that can be used. The end-to-end philosophy of checks states that integrity checks should be performed at the lowest level that they can be completely implemented. Excluding further sanity checks and input validation performed by applications, the protocol's checksum is the most important level of checksum, since it can be performed more completely than at any previous level and takes into account entire messages, as opposed to single packets.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (11)

| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SA-10 | Developer Configuration Management | SA | Requiring control over the integrity of all changes directly compels developers to implement integrity verification mechanisms rather than omitting them. |
| SA-18 | Tamper Resistance and Detection | SA | Tamper detection fundamentally depends on integrity-checking capabilities that this control mandates or strengthens. |
| SA-19 | Component Authenticity | SA | Explicitly requires support for integrity and authenticity checks on components before acceptance into the system. |
| SR-11 | Component Authenticity | SR | The control mandates support for integrity-checking mechanisms to identify non-genuine components. |
| SR-4 | Provenance | SR | Maintaining valid provenance requires supporting integrity checks on the origin and chain of custody for systems and data. |
| SR-9 | Tamper Resistance and Detection | SR | Tamper protection programs explicitly add integrity checks where support was previously missing. |
| SC-20 | Secure Name/Address Resolution Service (Authoritative Source) | SC | Supplies the integrity-check artifacts (e.g., RRSIG, DNSKEY) that were previously missing for DNS responses. |
| SC-33 | Transmission Preparation Integrity | SC | Control explicitly adds support for integrity mechanisms such as checksums during preparation, preventing attacks that rely on missing integrity checks. |
| AU-10 | Non-repudiation | AU | Irrefutable evidence of actions requires integrity protection to prevent tampering or alteration of records. |
| CM-14 | Signed Components | CM | Implements required signature-based integrity verification, addressing missing support for integrity checks on components. |
| SI-7 | Software, Firmware, and Information Integrity | SI | Directly supplies the missing integrity verification mechanism the weakness describes. |

Top CVEs of this weakness type, ranked by Risk Priority

| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2020-7878 | 2.0 | 9.8 | 0.0034 | 2021-12-28 |
| CVE-2020-7808 | 1.8 | 8.7 | 0.0024 | 2020-05-21 |
| CVE-2020-7810 | 1.8 | 8.8 | 0.0020 | 2020-08-07 |
| CVE-2021-26608 | 1.8 | 8.8 | 0.0023 | 2021-09-09 |
| CVE-2019-11480 | 1.7 | 8.4 | 0.0043 | 2020-04-14 |
| CVE-2021-28545 | 1.7 | 8.1 | 0.0164 | 2021-04-01 |
| CVE-2020-10266 | 1.6 | 8.1 | 0.0014 | 2020-04-06 |
| CVE-2020-10124 | 1.6 | 7.1 | 0.0257 | 2020-08-21 |
| CVE-2024-27817 | 1.6 | 7.8 | 0.0015 | 2024-06-10 |
| CVE-2024-46917 | 1.6 | 8.1 | 0.0004 | 2025-08-29 |
| CVE-2019-10943 | 1.5 | 7.5 | 0.0011 | 2019-08-13 |
| CVE-2023-32475 | 1.5 | 7.6 | 0.0001 | 2024-06-07 |
| CVE-2025-48500 | 1.5 | 7.3 | 0.0001 | 2025-08-13 |
| CVE-2025-15364 | 1.5 | 7.3 | 0.0006 | 2026-01-06 |
| CVE-2021-26610 | 1.4 | 7.2 | 0.0016 | 2021-10-27 |
| CVE-2025-48803 | 1.4 | 6.7 | 0.0042 | 2025-07-08 |
| CVE-2025-48811 | 1.4 | 6.7 | 0.0042 | 2025-07-08 |
| CVE-2025-65203 | 1.4 | 7.1 | 0.0003 | 2025-12-17 |
| CVE-2025-10010 | 1.4 | 6.8 | 0.0002 | 2026-02-24 |
| CVE-2026-42428 | 1.4 | 7.1 | 0.0002 | 2026-04-28 |
| CVE-2021-28546 | 1.3 | 6.5 | 0.0040 | 2021-04-01 |
| CVE-2021-38396 | 1.3 | 6.5 | 0.0002 | 2021-10-04 |
| CVE-2023-28865 | 1.3 | 6.6 | 0.0032 | 2024-08-08 |
| CVE-2019-19160 | 1.2 | 5.7 | 0.0032 | 2020-06-29 |
| CVE-2022-2793 | 1.2 | 5.9 | 0.0002 | 2022-08-19 |